Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Malicious actors exploited Microsoft Exchange to hack US defense infrastructure

By Security Staff
defense-freepik1170x658.jpg

Image via Freepik

October 6, 2022

Multiple hacking groups exploited vulnerabilities in Microsoft Exchange to gain “long-term access” to the server of an unnamed defense company.


The attackers, who had been exploiting the vulnerability as early as January 2021, stole what Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called sensitive data — the company’s email, meetings, contacts, and other records. 


In a Cybersecurity Advisory (CSA), CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) highlighted this advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) sector organization’s enterprise network.


APT actors used the open-source toolkit, Impacket, to gain a foothold within the environment and data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.


According to CISA, the APT cyber actors used virtual private network (VPN) and virtual private server (VPS) providers, M247 and SurfShark, as part of their techniques to remotely access the Microsoft Exchange server. Use of these hosting providers, which serves to conceal interaction with victim networks, are common for these threat actors, CISA says.


According to CISA’s analysis of the victim’s Microsoft Exchange server Internet Information Services (IIS) logs, the actors used the account of a former employee to access the EWS, which enables access to mailbox items such as email messages, meetings, and contacts. The source IP address for these connections is mostly from the VPS hosting provider, M247.


Tom Kellermann, CISM, senior vice president of cyber strategy at Contrast Security, who served on the Commission on Cybersecurity for President Barack Obama’s administration which worked on assessing and improving U.S. cyber infrastructure, says that the national security implications of this espionage campaign are significant. “The Chinese threat actor behind this intrusion represents their “A team.” With tensions simmering over Taiwan, we presume more of these infiltrations are occurring. The likelihood of them island hopping through the victim organization into military networks is high. Expanded threat hunting across Microsoft exchange servers and their administrators’ endpoints are imperative. My biggest concern is whether the integrity of the data was manipulated post-exploitation.”


The joint CSA provides APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified during the incident response activities by CISA and a third-party incident response organization. 


The CSA includes detection and mitigation actions to help organizations detect and prevent related APT activity. CISA, FBI, and the NSA recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of cyber threats to their networks.

KEYWORDS: CISA cybersecurity incident response national security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Officers at an event

The 2026 FIFA World Cup Will Test Security Operations Like Never Before

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Sewer

Why Are People Entering NYC’s Sewers at Night?

SEC 2026 Benchmark Banner

Events

July 8, 2026

The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

LIVE: July 8, 2026 at 2 pm EDT In this webinar, speakers will share key insights from the report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • half open laptop with pink and blue lights

    CISA warns that malicious actors are targeting cloud infrastructure

    See More
  • Woman holding phone in front of laptop

    Malicious actors are cat-phishing targets in order to spread malware

    See More
  • software-code-exploit-freepik1170.jpg

    Threat actors exploited more zero-day vulnerabilities in 2021

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • into to sec.jpg

    Introduction to Security, 10th Edition

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing