What’s Going on with the Microsoft On-Prem Exchange Hack?


Only a few weeks ago, cybersecurity responders were working around the clock in response to the Microsoft on-prem Exchange server hack—an attack that has affected more than 250,000 individuals across the globe.

These attacks were orchestrated by a group Microsoft is calling “Hafnium,” expert hackers working out of China who target US-based industries like policy think tanks, infectious disease researchers, higher education groups, law firms, and defense contractors. They’re specifically after login information that they can then use to access private data or information.

Tom Burt, Microsoft Corporate Vice President, described how the attacks occur: “First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undisclosed vulnerabilities to disguise itself as someone who should have access.” Next, hackers would take over the server from an outside location to search for and steal information.



The Hafnium attack occurred just a few months after the Russian-linked SolarWinds hack, which spread a virus across hundreds of government-owned and private computer networks. While the SolarWinds attack was bad, CISA warns that the Hafnium attacks could have catastrophic consequences if not dealt with immediately.

Stay Protected with JourneyTEAM

After the hacks began, Microsoft quickly released patches for 2010, 2013, 2016, and 2019 Exchange versions. These patches were specifically designed to protect data from Hafnium with executives stating: “Because we are aware of active exploits of related vulnerabilities in the wild (limited targeted attacks), our recommendation is to install these updates immediately.”

Even with these new updates, Microsoft is urging organizations to increase their security. Burt further stated:

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”



Hackers are smart—and sneaky. That’s what makes them so good at what they do. They’re able to find even the smallest vulnerability in your system and exploit it. Hafnium isn’t the only group out there. There are thousands of them, ready and waiting to exploit your system. So what’s the best way to secure your network? What’s the first step? JourneyTEAM is the answer. With a comprehensive and thorough Office 365 health check and taking your server to the cloud, you’ll have the peace of mind knowing your network is 100% secure.

Complete Microsoft 365 Health Check

No matter how familiar you are with your network, there may be gaps and weaknesses hiding in the background that you’re not aware of. The potential risk only increases with older programs and software and on-premise servers.

Only a complete check of your Microsoft 365 system by JourneyTEAM can alert you to potential vulnerabilities. Our health check (a 100+ page document) will scan your entire Azure AD and Office 365 settings, including:

  • Licensing review
  • App integration for user consent
  • Device integration
  • OneDrive
  • SharePoint default settings
  • Microsoft Teams settings
  • Overview of Power Apps and Power Flow

Our comprehensive scan of your network provides you with a list of actionable steps to take to increase security. Any outdated or legacy software is identified, enabling you to update or retire programs as needed. Ultimately, routine checks of your tenant provide you with the peace of mind knowing your data is safeguarded by the latest security measures.


Now is the Time to Move to the Cloud

With the accessibility that the cloud provides, there’s an accompanying security risk. For example, if an employee is working from a coffee shop using public WiFi, the risk of a cyber attack is much higher.

However, Microsoft is one cloud provider that is consistently praised for the security protocols it has built into its cloud solution, Azure. The system was built specifically with security in mind and is regularly updated to stay compliant with security best practices. Additionally, security measures like built-in firewalls, third-party testing, AI tools, and ultra-backed up data are all included. Azure Security Center helps to eliminate security gaps by helping IT personnel and team members stay up-to-date and informed about security measures.

If you haven’t made the move to Azure, now is the time to do so. However, cloud migration is a huge undertaking, and it can be difficult to know where to start. At JourneyTEAM, we’ve helped hundreds of organizations create a cloud-migration strategy that’s tailored to meet their unique needs. No matter what level of support you need, we’ll provide it and ensure you have a successful move.

Dedicated to Keeping You Protected

Whether it’s Hafnium hackers or some other group, your on-prem Exchange server is constantly under attack. To ensure it’s kept protected, it’s more important than ever to boost your security measures. JourneyTEAM is committed to helping you do so. With an Office 365 health check and customized cloud migration services, you’ll have the peace of mind knowing your tenant is completely secure. Contact a JourneyTEAM team member today to learn more.


Article by: Rhett Arave - Azure Team Member

Rhett.Arave@journeyteam.com | (801) 938-7825  or  (208) 680-2617 

JourneyTEAM is an award-winning consulting firm with proven technology and measurable results. They take Microsoft products (Dynamics 365, SharePoint intranet, Office 365, Azure, CRM, GP, NAV, SL, AX) and modify them to work for you. The team has expert-level, Microsoft Gold certified consultants that dive deep into the dynamics of your organization and solve complex issues. They have solutions for sales, marketing, productivity, collaboration, analytics, accounting, security and more. www.journeyteam.com
