Microsoft Exchange Server Attack Timeline

Brian Krebs over at Krebsonsecurity.com has put together a handy timeline regarding the recent string of Microsoft Exchange Server attacks.

The timeline starts on January 6th and runs up to the present. Here are the first two months of the time line according to Mr. Krebs:

• Jan. 5: DEVCORE alerts Microsoft of its findings.
• Jan. 6: Volexity spots attacks that use unknown vulnerabilities in Exchange.
• Jan. 8: DEVCORE reports Microsoft had reproduced the problems and verified their findings.
• Jan. 11: DEVCORE snags proxylogon.com, a domain now used to explain its vulnerability discovery process.
• Jan. 27: Dubex alerts Microsoft about attacks on a new Exchange flaw.
• Jan. 29: Trend Micro publishes a blog post about “Chopper” web shells being dropped via Exchange flaws (but attributes cause as Exchange bug Microsoft patched in 2020)
• Feb. 2: Volexity warns Microsoft about active attacks on previously unknown Exchange vulnerabilities.
• Feb. 8: Microsoft tells Dubex it has “escalated” its report internally.
• Feb. 18: Microsoft confirms with DEVCORE a target date of Mar. 9 (tomorrow) for publishing security updates for the Exchange flaws. That is the second Tuesday of the month — a.k.a. “Patch Tuesday,” when Microsoft releases monthly security updates (and yes that means check back here tomorrow for the always riveting Patch Tuesday roundup).
• Feb. 26-27: Targeted exploitation gradually turns into a global mass-scan; attackers start rapidly backdooring vulnerable servers.

You can read the rest of it over on his blog.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.