Smile On Fridays secured coverage in Forbes for Red Canary
The U.S. Department of Homeland Security has issued an emergency directive as ongoing Microsoft Exchange attacks determined to pose “unacceptable risk” to federal agencies.
The ongoing attacks on Exchange Server, attributed by Microsoft to a Chinese state-sponsored threat group identified as HAFNIUM, have now been declared an “unacceptable risk to Federal Civilian Executive Branch agencies” by the U.S. Department of Homeland Security: an unacceptable risk that requires emergency action.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-02 on March 3, requiring federal agencies to comply by noon, EST, on March 5. Compliance requires identifying all instances of Microsoft Exchange Servers, a forensic triage of system memory and logs to identify indications of compromise, immediate disconnection of on-premises servers where compromise is identified and application of the emergency patches released by Microsoft otherwise.