HomeWinBuzzer NewsMicrosoft Exchange Server Attacks: Hackers Were Hunting for Exploits Within 5 Minutes

Microsoft Exchange Server Attacks: Hackers Were Hunting for Exploits Within 5 Minutes

A report suggests threat actors were scanning for vulnerable Microsoft Exchange Server systems within minutes of Microsoft confirming bugs.


Exchange Server vulnerabilities resulted in tens of thousands of organizations becoming compromised by attacks this year. WinBuzzer this week reported how Microsoft bugs are hot property on underground hacking forums. To emphasize the point, threat actors began scouring the web for vulnerable Exchange Servers within minutes of Microsoft confirming there were active in the wild.

According to the 2021 Cortex Xpanse Attack Surface threat report from Palo Alto Networks (published Wednesday), cybercriminals wasted little time before targeting enterprises.

Of course, it's not uncommon for to jump on a new exploit. The sooner a threat actor can target a system the more chance they have of breaching security before a patch is issued. Still, the speed of response from the cybercriminal community for the Microsoft Exchange Server exploit was surprising.

Microsoft Exchange Server was successfully attacked through an exploit first used by the HAFNIUM group. More threat groups have since targeted the exploit. Microsoft has sent out patches for all versions of the service, including those out of support.

Microsoft says updating Exchange Server is the best way to avoid the exploit. Furthermore, the company has launched a tool to help customers know if they have been breached. In April, Microsoft released a new update of security patches for Exchange Server.

However, as we recently reported, some attacks persist and are targeting organizations that have not patched their systems.

Rapid Response

Palo Alto Networks' report shows that zero-day vulnerabilities usually trigger scans from threat actors within 15 minutes of being made public. With Microsoft Exchange Server, hackers were even quicker, scanning in under 5 minutes.

The affordability of tools needed for accurate scans could mean this timeframe signals a wider shift:

“Computing has become so inexpensive that a would-be attacker need only spend about $10 to rent cloud computing power to do an imprecise scan of the entire internet for vulnerable systems,” the report says. “We know from the surge in successful attacks that adversaries are regularly winning races to patch new vulnerabilities.”

Tip of the day: Is your system drive constantly full and you need to free up space regularly? Try Windows 10 Disk Cleanup in extended mode which goes far beyond the standard procedure. Our tutorial also shows you how to create a desktop shortcut to run this advanced method right from the desktop.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News