
Microsoft Exchange Server Attackers Target KrebsOnSecurity

In an effort to delegitimize the noted security site KrebsOnSecurity, Microsoft Exchange Server hackers are using domains mimicking the researcher's website.


When a major threat is happening, the name KrebsOnSecurity is never too far away. Security researcher and expert Brian Krebs often leads the fight back against threat actors with vital information about attacks. Recently, he was at the forefront of reporting the ongoing Exchange Server exploit attacks.

As you can imagine, fighting the good fight means threat groups put a target on KrebsOnSecurity. From doxing tactics to attacks on his website, Krebs has faced a lot of backlash from cybercriminals.

Now bad actors are trying a new tactic. Instead of attempting to take KrebsOnSecurity down, they are aiming to delegitimize the website and Krebs himself. Specifically, attackers are using a domain that resembles the legitimate Krebs website to deliver exploits to Microsoft Exchange Server.

Shadowserver Foundation reports over 21,000 compromised servers carry the brian[.]krebsonsecurity[.]top domain. Furthermore, a malware file known as “krebsonsecurity.exe” is transferring data between the domain and the victim server.

It seems the reason behind the attack is to give people a wrong idea of what KrebsOnSecurity is, although Krebs argues the motivation is unknown:

“The motivations of the cybercriminals behind the Krebonsecurity dot top domain are unclear, but the domain itself has a recent association with other cybercrime activity — and with harassing this author,” Krebs says.

Exchange Server Attacks

Microsoft Exchange Server is in the midst of an attack through an exploit first used by the HAFNIUM group. More threat groups have since targeted the exploit. Microsoft has sent out patches for all versions of the service, including those out of support.

Krebs said at the start of the attack that more than 30,000 companies in the U.S. alone had been hit. He adds that most of these organizations are small businesses and governments:

“If your organization runs an [Outlook Web Access] server exposed to the internet, assume compromise between [February 26 and March 3].”

Microsoft says updating Exchange Server is the best way to avoid the exploit. Furthermore, the company has launched a tool to help customers know if they have been breached.


Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
