London Daily

Focus on the big picture.
Wednesday, Oct 22, 2025

The Microsoft Exchange hack shows attackers are working 'smarter, not harder,' experts say

The Microsoft Exchange hack shows attackers are working 'smarter, not harder,' experts say

Experts are still unsure of the hackers' motivations, and whether the incident may have been a "test run" for a larger attack.

News about a hack that impacted hundreds of thousands of global organizations has largely flown under the radar.

On March 3, Microsoft announced Hafnium, a Chinese-sponsored hacker group, exploited vulnerabilities in its Exchange email servers. Microsoft said hackers left behind "web shells," or tools that allow bad actors to access victims' systems remotely after initial access.

The attack impacted hundreds of thousands of organizations globally and 30,000 in the US. Experts recently told Insider's Aaron Holmes the hack could be "1,000 times more crippling" than the widely publicized SolarWinds attack.

Cyber security experts say though the Exchange server hack has not shocked Americans the way the SolarWinds attack did last year, but citizens must pay attention because of the likely increase in hacks this year and the different ways bad actors are exploiting victims.

"This attack underscores just how vulnerable even the most secure organizations or individuals are when targeted by skilled cybercriminals," Marcin Klecyznski, the CEO of Malwarebytes, told Insider.

Microsoft announced a hack in its Exchange email servers on March 3.

Why you should care about the attack


One takeaway from the Exchange Server attack is that no one is safe from a hack.

Microsoft is an industry leader that accelerated cloud-based security efforts as offices transitioned to remote work during the pandemic. But getting hacked means companies need to develop software with security in every step, as well as have an incident response plan to patch flaws and notify users, per Jonathan Knudsen, a senior security strategist at Synopsys Software Integrity Group.

The hack also suggests cybercriminals are working "smarter, not harder," said Klecyznski. Bad actors know IT security teams' resources have become more stretched due to the rise in remote work, and hackers are looking to advantage of that gap in oversight, he said.

Knudsen advises anyone responsible for a Microsoft Exchange server to patch the system and check for signs of an attack. Systems administrators also need to update servers and carefully examine systems at all times, because hackers can have access to a device for months or years before someone notices.

Kelvin Coleman, the executive director at the National Cyber Security Alliance, said security experts are still unsure of the hackers' motivations, and whether the incident may have been a "test run" for a larger attack — which makes protecting user accounts with quality passwords and multi-factor authentication imperative.

"It can impact a lot of things if folks don't have confidence that their information is protected and secure," Coleman said.

How the Microsoft Exchange hack differs from other attacks


SolarWinds hackers were able to spy on federal agencies like the Department of Homeland Security and Treasury Department. Coleman said the Microsoft attack has received relatively less media attention due to the victims being small- to mid-size organizations and local governments, but that still leaves systems and personal information vulnerable.

The attack also differs from others because hackers did not need to interact with victims to get access to their information, said Ben Read, the senior manager for Cyber Espionage Analysis in FireEye's Intelligence unit. Unlike a phishing scam, which relies on users clicking into a link with malware, the Exchange Server attack gave hackers more control.

Read said that, though this isn't the first time this kind of attack happened, there's been a rise in vulnerabilities in web-facing applications in the past 18 months. Analysts predict cyber attacks will dramatically increase this year as hackers exploit uncertainty around COVID-19 and take advantage of remote workers.

"The sheer number of victims makes it a big deal," Read said in an interview with Insider. "Anyone who hasn't taken mitigation efforts...they're vulnerable as other groups kind of figure out how to exploit these vulnerabilities."

Newsletter

Related Articles

0:00
0:00
Close
‘Frightening’ First Night in Prison for Sarkozy: Inmates Riot and Shout ‘Little Nicolas’
White House Announces No Imminent Summit Between Trump and Putin
US and Qatar Warn EU of Trade and Energy Risks from Tough Climate Regulation
Apple Challenges EU Digital Markets Act Crackdown in Landmark Court Battle
Nicolas Sarkozy begins five-year prison term at La Santé in Paris
Japan stocks surge to record as Sanae Takaichi becomes Prime Minister
This Is How the 'Heist of the Century' Was Carried Out at the Louvre in Seven Minutes: France Humiliated as Crown with 2,000 Diamonds Vanishes
China Warns UK of ‘Consequences’ After Delay to London Embassy Approval
France’s Wealthy Shift Billions to Luxembourg and Switzerland Amid Tax and Political Turmoil
"Sniper Position": Observation Post Targeting 'Air Force One' Found Before Trump’s Arrival in Florida
Shouting Match at the White House: 'Trump Cursed, Threw Maps, and Told Zelensky – "Putin Will Destroy You"'
Windows’ Own ‘Siri’ Has Arrived: You Can Now Talk to Your Computer
Thailand and Singapore Investigate Cambodian-Based Prince Group as U.S. and U.K. Sanctions Unfold
‘No Kings’ Protests Inflate Numbers — But History Shows Nations Collapse Without Strong Executive Power
Chinese Tech Giants Halt Stablecoin Launches After Beijing’s Regulatory Intervention
Manhattan Jury Holds BNP Paribas Liable for Enabling Sudanese Government Abuses
Trump Orders Immediate Release of Former Congressman George Santos After Commuting Prison Sentence
S&P Downgrades France’s Credit Rating, Citing Soaring Debt and Political Instability
Ofcom Rules BBC’s Gaza Documentary ‘Materially Misleading’ Over Narrator’s Hamas Ties
Diane Keaton’s Cause of Death Revealed as Pneumonia, Family Confirms
Former Lostprophets Frontman Ian Watkins Stabbed to Death in British Prison
"The Tsunami Is Coming, and It’s Massive": The World’s Richest Man Unveils a New AI Vision
Outsider, Heroine, Trailblazer: Diane Keaton Was Always a Little Strange — and Forever One of a Kind
Dramatic Development in the Death of 'Mango' Founder: Billionaire's Son Suspected of Murder
Two Years of Darkness: The Harrowing Testimonies of Israeli Hostages Emerging From Gaza Captivity
EU Moves to Use Frozen Russian Assets to Buy U.S. Weapons for Ukraine
Europe Emerges as the Biggest Casualty in U.S.-China Rare Earth Rivalry
HSBC Confronts Strategic Crossroads as NAB Seeks Only Retail Arm in Australia Exit
U.S. Chamber Sues Trump Over $100,000 H-1B Visa Fee
Shenzhen Expo Spotlights China’s Quantum Step in Semiconductor Self-Reliance
China Accelerates to the Forefront in Global Nuclear Fusion Race
Yachts, Private Jets, and a Picasso Painting: Exposed as 'One of the Largest Frauds in History'
Australia’s Wedgetail Spies Aid NATO Response as Russian MiGs Breach Estonian Airspace
McGowan Urges Chalmers to Cut Spending Over Tax Hike to Close $20 Billion Budget Gap
Victoria Orders Review of Transgender Prison Placement Amid Safety Concerns for Female Inmates
U.S. Treasury Mobilises New $20 Billion Debt Facility to Stabilise Argentina
French Business Leaders Decry Budget as Macron’s Pro-Enterprise Promise Undermined
Trump Claims Modi Pledged India Would End Russian Oil Imports Amid U.S. Tariff Pressure
Surging AI Startup Valuations Fuel Bubble Concerns Among Top Investors
Australian Punter Archie Wilson Tears Up During Nebraska Press Conference, Sparking Conversation on Male Vulnerability
Australia Confirms U.S. Access to Upgraded Submarine Shipyard Under AUKUS Deal
“Firepower” Promised for Ukraine as NATO Ministers Meet — But U.S. Tomahawks Remain Undecided
Brands Confront New Dilemma as Extremists Adopt Fashion Labels
The Sydney Sweeney and Jeans Storm: “The Outcome Surpassed Our Wildest Dreams”
Erika Kirk Delivers Moving Tribute at White House as Trump Awards Charlie Presidential Medal of Freedom
British Food Influencer ‘Big John’ Detained in Australia After Visa Dispute
ScamBodia: The Chinese Fraud Empire Shielded by Cambodia’s Ruling Elite
French PM Suspends Macron’s Pension Reform Until After 2027 in Bid to Stabilize Government
Orange, Bouygues and Free Make €17 Billion Bid for Drahi’s Altice France Telecom Assets
Dutch Government Seizes Chipmaker After U.S. Presses for Removal of Chinese CEO
×