Microsoft Warns Businesses and Governments of Ongoing Server Software Attacks

Microsoft has warned businesses and governmental organizations around the world that its server software is the target of an ongoing cyberattack campaign. The company said that hackers are exploiting unpatched vulnerabilities in its Exchange and SQL Server products to obtain unauthorized access, steal data, and interfere with vital infrastructure systems. The campaign appears to be state-sponsored or supported by well-funded threat actors, according to Microsoft’s Threat Intelligence team. The attackers are specifically targeting older or unsecured servers with advanced malware strains and zero-day exploits.

The alert urges organizations to monitor for anomalous network activity and apply the most recent patches. The attacks are being executed in waves, and the attackers move laterally through internal networks after the initial breach. Once inside, they use credential theft tools and deploy ransomware payloads. Microsoft emphasized that even government-classified or air-gapped networks are susceptible if edge servers are not promptly patched or sufficiently protected.

Although Microsoft has not publicly identified a nation-state as the perpetrator of the attack, cyber experts point to parallels with previous campaigns associated with North Korean, Russian, and Chinese organizations. Numerous European and Asian government agencies have already reported attempted breaches, leading to emergency response actions in a number of sectors.




