<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt=""> The Microsoft Exchange Server Attack: What Happened, and What’s Next?

The Microsoft Exchange Server Attack: What Happened, and What’s Next?


    See Virtru In Action

    { content.featured_image.alt }}
    In the first half of 2021 alone, the world has seen several sophisticated, large-scale cyber attacks, each affecting thousands of organizations and government entities. The most serious of these attacks have been attributed to nation-state espionage groups focused on stealing sensitive data.


    Most recently, an attack that exploits Microsoft Exchange Server users has come to light. Although the attack was detected in early 2021, the impacts have been extensive and wide-ranging, with Belgium’s interior ministry announcing in late May that their entire computer system had been accessed by an intruder.

    Here is what we know about the attack, how organizations can respond, and how to prepare for future incidents. 

    How did the Microsoft Exchange Server attack happen?

    In early March, cybersecurity experts uncovered an extensive Microsoft Exchange Server attack that exploited vulnerabilities in Microsoft’s email software. More than 30,000 organizations have been impacted since the attack began in early January, with this number being cited as a conservative estimate. 

    The impacted organizations were running Microsoft Exchange from on-premises servers. The incident did not affect Microsoft 365 or Azure Cloud. 

    The attack has been attributed to a Chinese cyber espionage group that aims to steal email from victim organizations. In this attack, the group took advantage of Microsoft’s email vulnerabilities to steal the full contents of user mailboxes. 

    Once the attack was discovered, Microsoft worked over the next several weeks to release security updates with patches for these vulnerabilities, and it recommends that companies prioritize installing those updates on externally facing Exchange servers. Additionally, a U.S. Cybersecurity and Infrastructure Security Agency (CISA) emergency directive was issued for all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to update the software or disconnect the products from their networks. 

    What should organizations do now?

    Mitigating and assessing damage from this cyber attack should be the top priority for affected organizations and government entities. Once this is managed, it’s critical to re-examine your tech stack and prioritize your next steps to better protect your sensitive data. 

    • Take control of your data. Native email security and encryption are not enough, especially for organizations that need to comply with regulations such as HIPAA, CJIS, or ITAR. By putting additional safeguards in place, you can immediately take action to lock down your most important data. In an age where rapid incident response is a priority, waiting for another organization to address a breach doesn’t meet our time-sensitive needs. Instead, while Microsoft was working on a patch, you could have taken immediate action with Virtru. Virtru’s end-to-end encryption protects data from the time it’s created, until long after it’s shared. In moments, an administrator could revoke all access to shared files, and if you’re hosting your own encryption keys with distributed architecture, you can take additional steps to further secure that data. 
    • Prioritize moving to the cloud. Many organizations feel compelled to store data on-premises because they feel it gives them better control. But this is no longer the case: Cloud solutions, such as Google Cloud, when augmented with additional layers of security (such as the Google Workspace encryption that Virtru provides), can be more secure than on-premises data management. If you’d like to move to the cloud but are unsure about the impacts on your organization’s compliance regulations or security needs, contact us: We can help you assess your program and next steps.
    • Protect the data itself, not just the perimeter. To protect themselves from a breach like this one, companies should take a data-centric cybersecurity posture that protects the data itself, not just the perimeter. Following a Zero Trust framework that assumes your network has already been breached, data-centric security adds additional layers of protection to your most valuable information so that, even in the face of a breach, the data itself can still remain secure. 

    Virtru was built to protect sensitive, highly confidential information for governments, businesses, and individuals alike. To learn more about how you can protect your organization’s most important data and prepare yourself to manage future cyber threats, contact Virtru today. 

    This post was revised on May 27, 2021 to include additional global impacts from the Microsoft Exchange Server attack. 

    Editorial Team

    Editorial Team

    The editorial team consists of Virtru brand experts, content editors, and vetted field authorities. We ensure quality, accuracy, and integrity through robust editorial oversight, review, and optimization of content from trusted sources, including use of generative AI tools.

    View more posts by Editorial Team

    See Virtru In Action