"Since August 2022, dozens of Russian organizations have been hacked through vulnerability of the Microsoft Exchange work email server. The victims have been mainly representatives of small and medium-sized businesses," the company said.
The hackers attacked Russian firms using a special utility, which provided access to mailboxes of organizations' users and lists of contacts. The cybercriminals uploaded all email correspondence along with files attached to emails, experts told Sputnik.
Companies found out that they had been hacked when their employees received emails from security4real@proton.me, mentioning payment for allegedly provided security audit services. In fact, it was a ransom — the amount that had to be paid so that hackers did not publish the stolen information. In some cases, the ransom reached $10,000, according to experts.
"The victims of the hackers have been companies that failed to install the latest security updates on the Microsoft Exchange server in time, although this vulnerability and ways to eliminate it have been known since the fall of 2021," Teymur Kheirkhabarov, the head of the Cyberdefense Center at BI.Zone, told Sputnik.
Such cyberattacks once again show the importance of timely closing the gaps in the company's cybersecurity perimeter, Kheirkhabarov added.