Security researchers believe attacks exploiting four critical Microsoft Exchange Server vulnerabilities extend beyond the “limited and targeted” incidents reported by Microsoft this week when it issued patches for the zero-day flaws and urged enterprises to patch immediately.
Organizations first learned of the Exchange server zero-days on Tuesday when Microsoft released the fixes. It attributes the activity to a group called Hafnium “with high confidence.” Hafnium is believed to operate out of China and primarily targets organizations based in the United States, Microsoft reports.
As more security researchers track the activity, new details emerge about these active exploits, how they were found, and factors that drove the release of yesterday’s out-of-band patches.
These attacks appear to have started as early…