Organizations that run Microsoft Exchange Servers are being urged to apply several bug fixes to the program in response to a hack from a Chinese cybercriminal group.

The cybercriminal group is able to gain access to an Exchange server either by using stolen account credentials or by using the vulnerabilities to disguise as someone who should have access. The group is able to control the compromised server remotely by creating a web shell, a piece of malicious code that gives attackers remote administrative to steal data from an organization’s network.

Subsequently the FDIC proactively reached out to 21CFS and may have reached out to many of you as well to review and discuss Microsoft Exchange configurations and how they may or may not be affected. In our review with FDIC, we have created this memo with action steps that your bank should take for your IT and Cybersecurity departments to immediately review and confirm all email configurations, designs, and patch levels are adequately protected against this and expected future attacks. If you should have any questions, or need guidance on addressing this latest attack, please contact 21CFS today.