FAMOUS CYBER HACK WEB PROJECT

The Microsoft Exchange Server Hack

A 2-Day Research & Web Design Assignment

CL.
03/04/2025

Research & Planning

The cyber hack I’m researching is the Microsoft Exchange Server Hack.

Who were the hackers?

The hackers were a state-sponsored hacking group called Hafnium from China.

What happened?

The attackers exploited multiple zero-day vulnerabilities (flaws that haven’t been patched) in Microsoft Exchange email servers. This gave them unauthorized access to emails and let them deploy malware and take full control of affected systems.

When & Where did the attack occur?

This attack occurred in 2021. Although Microsoft was already advanced in cybersecurity that year, it was not as advanced as it is now, which is why this attack happened.

Why did they do it? & How was the attack carried out?

They did this because they aimed to collect trade secrets, government intelligence, financial data, and corporate strategies. Taking information illegally in this way is called cyber-espionage. The attack was carried out by exploiting four zero-day vulnerabilities in Microsoft Exchange email servers. These vulnerabilities were:

    • CVE-2021-26855 (Server-Side Request Forgery - SSRF)

    • CVE-2021-26857 (Insecure Deserialization)

    • CVE-2021-26858 & CVE-2021-27065 (Post-Authentication File Write Vulnerabilities)
