10 March 2021
The Australian Cyber Security Centre has identified extensive targeting and has confirmed compromises of Australian organisations with vulnerable Microsoft Exchange deployments.
This comes after at least 30,000 organisations in the United States have been hacked by an aggressive Chinese cyber espionage unit that is focused on stealing email from victim organisations.
The campaign has exploited flaws in Microsoft Exchange software which has led to the stealing of email and infecting computer servers with tools that let attackers take control remotely.
The Australian Cyber Security Centre urged Australians to urgently “patch” their email networks and protect them from hackers who sought to make use of the Microsoft vulnerabilities.
QLS ethics solicitor David Bowles has written an article about this attack and provides advice to law firms on the action required.
Pexa has also written an article on email phishing and what action law firms can take to protect themselves.