Credential Theft Campaign Targets Microsoft Servers in 26 Countries
Cybersecurity experts have uncovered a global hacking campaign where attackers secretly steal passwords by planting hidden code in Microsoft Exchange email login pages.
The attacks have hit at least 65 organizations across 26 countries, including government offices, banks, schools, and tech companies. Once users enter their login details, the stolen information is either stored on the server or sent directly to the hackers using tools like Telegram.
According to Russian cybersecurity firm Positive Technologies, these attackers are targeting older security flaws that many organizations have yet to fix. Some of the attacks have been going on quietly since 2021, and in many cases, victims don’t even know their login pages were tampered with.
Countries most affected include Vietnam, Russia, Taiwan, China, Pakistan, and others, with government agencies being among the top targets.
How to Stay Safe
Although this threat mainly targets organizations, both individuals and IT teams can take the following precautions:
- Update your software: Make sure Microsoft Exchange and other systems are running the latest security updates.
- Use multi-factor authentication (MFA): Adding a second step to log in (like a code sent to your phone) makes it harder for hackers to misuse stolen passwords.
- Watch for strange behavior: If your email behaves oddly or asks for your login repeatedly, report it.
- Regularly check login pages: IT teams should review login pages for unauthorized changes.
- Limit server access from the internet: Only allow internet access to internal systems when necessary.
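For the "regularly check login pages" step, one way to make the review repeatable is a hash baseline that is compared on a schedule. The PowerShell below is an added example, not code from Positive Technologies or the source article; the function names, the demo directory and the file names in it are hypothetical and constructed for illustration.

```powershell
# Added example: baseline-and-compare integrity check for login page files.
# Function names and demo files are hypothetical; pass -Path the directory
# that holds your own login page files.

function Get-PageManifest {
    param([Parameter(Mandatory)][string]$Path)
    $root = (Resolve-Path -LiteralPath $Path).Path
    $manifest = @{}
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        # Key on the path relative to the root so baselines stay portable.
        $rel = $_.FullName.Substring($root.Length).TrimStart('\', '/')
        $manifest[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $manifest
}

function Compare-PageManifest {
    param([Parameter(Mandatory)][hashtable]$Baseline,
          [Parameter(Mandatory)][hashtable]$Current)
    $findings = @()
    foreach ($name in $Current.Keys) {
        if (-not $Baseline.ContainsKey($name)) {
            $findings += [pscustomobject]@{ File = $name; Change = 'Added' }
        } elseif ($Baseline[$name] -ne $Current[$name]) {
            $findings += [pscustomobject]@{ File = $name; Change = 'Modified' }
        }
    }
    foreach ($name in $Baseline.Keys) {
        if (-not $Current.ContainsKey($name)) {
            $findings += [pscustomobject]@{ File = $name; Change = 'Removed' }
        }
    }
    return $findings | Sort-Object File
}

# Demo on constructed files in a temp directory (not real Exchange content).
$demo = Join-Path ([IO.Path]::GetTempPath()) ("logincheck-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'login.html') -Value '<form>original</form>'
Set-Content -Path (Join-Path $demo 'login.js')   -Value 'function submitForm() {}'
$baseline = Get-PageManifest -Path $demo

# Simulate unauthorized changes: one file edited, one unexpected file added.
Add-Content -Path (Join-Path $demo 'login.js') -Value '// unexpected extra line'
Set-Content -Path (Join-Path $demo 'unexpected.txt') -Value 'unexpected file'

Compare-PageManifest -Baseline $baseline -Current (Get-PageManifest -Path $demo) |
    Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

In practice, take the baseline right after a known-good patch, save it with Export-Clixml to a location off the mail server, and reload it with Import-Clixml before each comparison so that someone who can edit the pages cannot also edit the baseline.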
Source: https://thehackernews.com/2025/06/hackers-target-65-microsoft-exchange.html