{"id":1679,"date":"2021-04-28T08:31:09","date_gmt":"2021-04-28T08:31:09","guid":{"rendered":"https:\/\/blog.kdmarc.com\/blog\/?p=1679"},"modified":"2024-08-12T12:11:22","modified_gmt":"2024-08-12T06:41:22","slug":"microsoft-exchange-server-hack","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/","title":{"rendered":"All About the Infamous Microsoft Exchange Server Hack"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">With so many <\/span>cyber attacks making the headlines in 2021<span style=\"font-weight: 400;\">, no individual or organization feels safe in this new era of cybercrime. The <\/span><b>mass cyber attack on Microsoft Exchange Server<\/b><span style=\"font-weight: 400;\"> has significantly added to the rising terror of cyber attacks. The attack has impacted thousands of organizations and millions of individuals worldwide.\u00a0<\/span><\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#How_did_the_Microsoft_Exchange_Server_Hack_Happen\" >How did the Microsoft Exchange Server Hack Happen?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#What_are_the_Four_Critical_Vulnerabilities\" >What are the Four Critical Vulnerabilities?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#Who_is_Responsible_for_the_Attacks\" >Who is Responsible for the Attacks?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#Consequences_of_Microsoft_Exchange_Server_Hack\" >Consequences of Microsoft Exchange Server Hack<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#What_Should_Organizations_Do_to_Defend_Against_Such_Attacks\" >What Should Organizations Do to Defend Against Such Attacks?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">State-sponsored threat actors and other cybercriminals have been actively exploiting <\/span><b>four <span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/zero-day-attack\/\">zero-day vulnerabilities<\/a><\/span><\/b><span style=\"font-weight: 400;\"> in Microsoft Exchange Server for months to deploy malware and backdoors for launching widespread attacks. Here is everything you need to know about the infamous Microsoft Exchange Server hack.<\/span><\/span><\/p>\n\n<style type=\"text\/css\">\n      @media print, screen and (max-width: 63.99875em){\n      .tnp-submit\n      width: 48%;\n      }\n      .wp-block-tnp-minimal{\n      padding: 20px;\n      }\n      .blog_para\n      margin-top: 4px !important;\n      line-height: 25px !important;\n      font-size: 15px !important;\n      }\n\n      }\n      .blog_para{\n      font-family: jost,sans-serif;\n      margin-top: 14px;\n      margin-bottom: 30px;\n      color: #fff;\n      font-size: 15px !important;\n      color: black !important;\n\n      }\n\n      .wp-block-tnp-minimal{\n      padding:20px;\n      border: 1px solid grey;\n      }\n\n      .tnp-submit a{\n        background: #1d58c7!important;\n    border-radius: 5px!important;\n    text-transform: inherit!important;\n    padding: 8px 25px!important;\n    font-weight: 600!important;\n    color: #fff!important;\n    width: 30%!important;\n    border: none;\n      }\n\n      .blog_get{\n      font-size: 24px !important;\n      font-weight: 700;\n      padding-bottom: 0px;\n    font-family: 'Poppins' !important;\n      margin-bottom: 0px;\n      margin-top: 0px;\n      margin-bottom: 0px !important;\n      color: white;\n          line-height: 30px;\n          color: white;\n      }\n      .row{\n             display: flex;\n    flex-wrap: wrap;\n    flex-direction: row;\n    padding: 25px 0px 25px 36px;\n    align-items: center;\n\n      }\n\n.colLeft{\n         flex-basis:50%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n    color: white;\n}\n    \n .colRight{\n       flex-basis: 45%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n }\n\n.tnp-subscription-minimal{\n    float: right;\n}\n<\/style>\n<div style=\"max-width: 741px; margin: 0 auto; background-image: url('https:\/\/awareness.threatcop.ai\/marketing\/linkedinlowerbanner.webp'); background-repeat: no-repeat; background-size: cover; background-position: center; \">\n<div class=\"row\">\n<div class=\"colLeft\">\n<p class=\"blog_get\" style=\"font-family: 'Poppins' !important; color: white !important\">Subscribe to Our Newsletter On Linkedin<\/p>\n<p class=\"blog_para\" style=\"font-size: 16px;font-family: 'Poppins' !important; color: white !important; margin-top: 10px; margin-bottom: 28px;line-height: 25px;\">Sign up to Stay Tuned with the Latest Cyber Security News and Updates<\/p>\n\n<div>\n<div class=\"tnp\" style=\"margin-bottom: 10px;\">\n            <form action=\"https:\/\/threatcop.com\/newsletter-thank-you\" method=\"get\" target=\"_blank\">\n<div class=\"tnp-submit\">\n                  <a class=\"libutton\" href=\"https:\/\/www.linkedin.com\/build-relation\/newsletter-follow?entityUrn=7062043746430783488\" target=\"_blank\" rel=\"noopener\">Subscribe<\/a><\/div>\n<\/form><\/div>\n<\/div>\n<\/div>\n<div class=\"colRight\">\n<div>\n<div class=\"tnp tnp-subscription-minimal \">\n            <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/newsletter-icon.webp\" class=\"img-fluid\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_did_the_Microsoft_Exchange_Server_Hack_Happen\"><\/span><span style=\"color: #000000;\"><b>How did the Microsoft Exchange Server Hack Happen?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Microsoft became aware of the four zero-day bugs in its Exchange Server in early January. A DEVCORE researcher found two of the security issues and reported them to Microsoft around January 5, 2021. Suspicious activity on Microsoft Exchange servers was reported in the same month.<\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">On 2nd March 2021, Microsoft disclosed that Chinese hackers were actively exploiting the vulnerabilities to gain access to organizations\u2019 email accounts. The company issued security patches for Exchange\u2019s 2010, 2013, 2016, and 2019 versions to tackle the four critical vulnerabilities in its software.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Microsoft advised the companies to prioritize installing the issued updates on their externally facing Exchange servers. Also, CISA issued an emergency directive warning all federal civilian departments and agencies to either update the software or disconnect the products from their networks.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">While the patches have been released, the scope of potential compromise of the Exchange Server entirely depends on the speed and uptake of updates. Even over a month later, the security issue has continued to be a problem.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_are_the_Four_Critical_Vulnerabilities\"><\/span><span style=\"color: #000000;\"><b>What are the Four Critical Vulnerabilities?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Collectively called \u2018<\/span><b>ProxyLogon<\/b><span style=\"font-weight: 400;\">\u2019, a total of four zero-day vulnerabilities were discovered in the 2013, 2016, and 2019 versions of the Microsoft Exchange Server. If used in an attack chain, these vulnerabilities can cause Remote Code Execution (RCE), backdoors, data theft, server hijacking, and further malware deployment. Here is the list of these vulnerabilities:<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>1. CVE-2021-26855<\/b><span style=\"font-weight: 400;\">: This is a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to send specially constructed HTTP requests, resulting in remote code execution.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>2. CVE-2021-26857<\/b><span style=\"font-weight: 400;\">: This is an insecure deserialization vulnerability in the Exchange Unified Messaging Service that allows a hacker to deploy arbitrary code, enabling the forgery of a body of data query to trick the high-privilege service into executing the code.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>3. CVE-2021-26858<\/b><span style=\"font-weight: 400;\">: This is a post-authentication arbitrary file write vulnerability that lets authorized Exchange users overwrite any existing file with their own data. To exploit this vulnerability, the hacker either has to compromise administrative credentials or combine them with another vulnerability.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>4. CVE-2021-27065<\/b><span style=\"font-weight: 400;\">: This is another post-authentication arbitrary file write vulnerability that allows an authorized hacker to overwrite any system file on the server.<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Who_is_Responsible_for_the_Attacks\"><\/span><span style=\"color: #000000;\"><b>Who is Responsible for the Attacks?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">According to Microsoft, the original attacks exploiting the zero-day vulnerabilities have been traced back to <\/span><b>Hafnium<\/b><span style=\"font-weight: 400;\">, which is <\/span><b>a state-sponsored advanced persistent threat (APT) group from China<\/b><span style=\"font-weight: 400;\">.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Even though it originates in China, Hafnium uses a network of virtual private servers (VPS) in the US to conceal its true location. The group has previously targeted think tanks, defense contractors, nonprofits, and researchers.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Hafnium may have started these attacks, however, it is not the only one taking advantage of these vulnerabilities. <\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/www.welivesecurity.com\/2021\/03\/10\/exchange-servers-under-siege-10-apt-groups\/\" target=\"_blank\" rel=\"noopener noreferrer\"><b><span style=\"color: #183994;\">At least 10 APT groups<\/span><\/b><\/a><\/span><b> have been exploiting the Microsoft Exchange Server vulnerabilities<\/b><span style=\"font-weight: 400;\"> to wreak havoc. The major state-sponsored groups connected to the attacks include <\/span><b>LuckyMouse<\/b><span style=\"font-weight: 400;\">, <\/span><b>Winnti Group<\/b><span style=\"font-weight: 400;\">, <\/span><b>Tick,<\/b><span style=\"font-weight: 400;\"> and <\/span><b>Calypso<\/b><span style=\"font-weight: 400;\">.&nbsp;<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Consequences_of_Microsoft_Exchange_Server_Hack\"><\/span><span style=\"color: #000000;\"><b>Consequences of Microsoft Exchange Server Hack<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Even though several on-premises Exchange servers have been patched, investigations have uncovered multiple threats plaguing the already compromised systems. On March 12, Microsoft revealed that <\/span><b>a variant of the infamous DoejoCrypt\/DearCry ransomware is leveraging the zero-day flaws to deploy ransomware<\/b><span style=\"font-weight: 400;\"> on vulnerable Exchange servers. The installation of Monero cryptocurrency miners on Exchange servers was documented in April.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Many incidents involving <\/span><b>BlackKingdom<\/b><span style=\"font-weight: 400;\">, <\/span><b>Cobalt Strike,<\/b><span style=\"font-weight: 400;\"> and the <\/span><b>Lemon Duck cryptocurrency mining botnet<\/b><span style=\"font-weight: 400;\"> have come to light. Additionally, the deployment of web shells, like <\/span><b>China Chopper<\/b><span style=\"font-weight: 400;\">, on compromised servers has become a common attack vector.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Batch files written to servers that are infected with ransomware may continue to offer unauthorized access to vulnerable systems, even once the infections have been removed.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The <\/span><b>European Banking Authority (EBA) has become one of the most prominent victims<\/b><span style=\"font-weight: 400;\"> of these attacks. The EBA issued a statement:<\/span><\/span><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><i><span style=\"font-weight: 400;\">&#8220;The European Banking Authority (EBA) has been the subject of a cyber-attack against its Microsoft Exchange Servers, which is affecting many organizations worldwide. The Agency has swiftly launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities.&#8221;&nbsp;<\/span><\/i><\/span><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Should_Organizations_Do_to_Defend_Against_Such_Attacks\"><\/span><span style=\"color: #000000;\"><b>What Should Organizations Do to Defend Against Such Attacks?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">In light of such disastrous cyber attacks, it has become critical to re-examine your organization\u2019s current security framework and plan out your next steps for better protecting sensitive data. Here are some measures you should take right away to shield your business from such attacks in the future:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><b>Conduct Periodic VAPT<\/b><span style=\"font-weight: 400;\">: Conducting <\/span><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/www.kratikal.com\/vapt-testing-companies.php?utm_source=KDMARC&amp;utm_medium=Blog&amp;utm_campaign=All%20About%20the%20Infamous%20Microsoft%20Exchange%20Server%20Hack\" target=\"_blank\" rel=\"noopener noreferrer\"><b>Vulnerability Assessment and Penetration Testing<\/b><\/a><\/span><span style=\"font-weight: 400;\"> offer the most effective way of identifying even the smallest of weaknesses in your organization\u2019s cyber security infrastructure. Fix the detected vulnerabilities immediately to strengthen security.\u00a0<\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Reinforce Email Security<\/b><span style=\"font-weight: 400;\">: There is a lot you can do to strengthen your <\/span><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/how-to-implement-dmarc\/\"><b>email security<\/b><\/a><\/span> <span style=\"font-weight: 400;\">framework. One essential measure is utilizing standard email authentication protocols such as <span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/what-is-dmarc\/\"><strong>DMARC<\/strong><\/a><\/span>, <a href=\"https:\/\/threatcop.com\/blog\/spf-and-dkim\/\"><span style=\"color: #183994;\"><strong>SPF, and DKIM<\/strong><\/span><\/a> to defend your organization against domain forgery. <\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/threatcop.com\/tdmarc\"><b><span style=\"color: #183994;\">TDMARC<\/span><\/b><\/a><\/span><span style=\"font-weight: 400;\"> is an email authentication solution that monitors all three outbound email authentication protocols and offers protection against advanced email-based attacks.<\/span><\/span><\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image size-full wp-image-9629\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1080\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/giphy.gif\" alt=\"email security\" class=\"wp-image-9629\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\"><strong>(Source: Axios)<\/strong><\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\"><b>Enable<\/b> <b>MFA<\/b><span style=\"font-weight: 400;\">: Implementing Multi-Factor Authentication on all the applicable endpoints across the enterprise networks is an excellent way of adding an extra layer of security to your organization\u2019s cyber security framework.<\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Take a Data-centric Approach<\/b><span style=\"font-weight: 400;\">: Instead of focusing all your efforts on protecting the perimeter, make sure to take the appropriate measures for protecting the data as well. Adds as many additional layers of protection to your valuable information as you can, ensuring the safety of your data even in the face of a breach.\u00a0<\/span><\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><b>Adopt Cyber Security Best Practices<\/b><span style=\"font-weight: 400;\">: Enforce best practices like a strong password policy and zero trust policy. Make sure your employees are aware of the consequences of not following the practices and understand their responsibility in keeping the organization safe.\u00a0<\/span><\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">With so many big and small organizations worldwide being breached due to these four zero-day vulnerabilities, it has become abundantly clear how important it is to take preventive measures. After all, prevention is better than cure, right? So, take the necessary precautions now and stay on your guard.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With so many cyber attacks making the headlines in 2021, no individual or organization feels safe in this new era of cybercrime. The mass cyber attack on Microsoft Exchange Server has significantly added to the rising terror of cyber attacks. The attack has impacted thousands of organizations and millions of individuals worldwide.\u00a0 State-sponsored threat actors [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7364,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41],"tags":[],"class_list":["post-1679","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attacks"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Infamous Microsoft Exchange Server Hack | Threatcop<\/title>\n<meta name=\"description\" content=\"The mass cyber attack on Microsoft Exchange Server has has impacted thousands of organizations and millions of individuals worldwide...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Infamous Microsoft Exchange Server Hack | Threatcop\" \/>\n<meta property=\"og:description\" content=\"The mass cyber attack on Microsoft Exchange Server has has impacted thousands of organizations and millions of individuals worldwide...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-28T08:31:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-12T06:41:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/amous_Microsoft_Exchange_Server_Hack.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"All About the Infamous Microsoft Exchange Server Hack\",\"datePublished\":\"2021-04-28T08:31:09+00:00\",\"dateModified\":\"2024-08-12T06:41:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/\"},\"wordCount\":1102,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/amous_Microsoft_Exchange_Server_Hack.webp\",\"articleSection\":[\"Cyber Attacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/\",\"name\":\"The Infamous Microsoft Exchange Server Hack | Threatcop\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/amous_Microsoft_Exchange_Server_Hack.webp\",\"datePublished\":\"2021-04-28T08:31:09+00:00\",\"dateModified\":\"2024-08-12T06:41:22+00:00\",\"description\":\"The mass cyber attack on Microsoft Exchange Server has has impacted thousands of organizations and millions of individuals worldwide...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/amous_Microsoft_Exchange_Server_Hack.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/amous_Microsoft_Exchange_Server_Hack.webp\",\"width\":1250,\"height\":1200,\"caption\":\"Microsoft Exchange Server Hack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-exchange-server-hack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"All About the Infamous Microsoft Exchange Server Hack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Infamous Microsoft Exchange Server Hack | Threatcop","description":"The mass cyber attack on Microsoft Exchange Server has has impacted thousands of organizations and millions of individuals worldwide...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/","og_locale":"en_US","og_type":"article","og_title":"The Infamous Microsoft Exchange Server Hack | Threatcop","og_description":"The mass cyber attack on Microsoft Exchange Server has has impacted thousands of organizations and millions of individuals worldwide...","og_url":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2021-04-28T08:31:09+00:00","article_modified_time":"2024-08-12T06:41:22+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/amous_Microsoft_Exchange_Server_Hack.webp","type":"image\/webp"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"All About the Infamous Microsoft Exchange Server Hack","datePublished":"2021-04-28T08:31:09+00:00","dateModified":"2024-08-12T06:41:22+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/"},"wordCount":1102,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/amous_Microsoft_Exchange_Server_Hack.webp","articleSection":["Cyber Attacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/","url":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/","name":"The Infamous Microsoft Exchange Server Hack | Threatcop","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/amous_Microsoft_Exchange_Server_Hack.webp","datePublished":"2021-04-28T08:31:09+00:00","dateModified":"2024-08-12T06:41:22+00:00","description":"The mass cyber attack on Microsoft Exchange Server has has impacted thousands of organizations and millions of individuals worldwide...","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/amous_Microsoft_Exchange_Server_Hack.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2021\/04\/amous_Microsoft_Exchange_Server_Hack.webp","width":1250,"height":1200,"caption":"Microsoft Exchange Server Hack"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/microsoft-exchange-server-hack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"All About the Infamous Microsoft Exchange Server Hack"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=1679"}],"version-history":[{"count":9,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1679\/revisions"}],"predecessor-version":[{"id":11638,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/1679\/revisions\/11638"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/7364"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=1679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=1679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=1679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}