Multiple nation-state groups are hacking Microsoft Exchange servers
A recent vulnerability in Microsoft Exchange email servers has been exploited by multiple government-backed hacking groups. The hacking attempts were first spotted by the UK-based cyber security firm Volexity, which has not yet shared the names of the groups exploiting the vulnerability but has stated that they are all relatively well-known.
The groups are exploiting a vulnerability identified as CVE-2020-0688, which Microsoft patched last month in the February Patch Tuesday. The bug causes Microsoft Exchange servers to fail to create a unique cryptographic key, meaning that all Microsoft Exchange email servers released in the past ten years use identical cryptographic keys. Attackers can exploit this by sending malformed requests containing malicious data to the Exchange control panel, which gives them full control of the server.