Microsoft Outlook Compromised by Chinese Hacker “HAFNIUM”

March 8, 2021, 2:30:00 PM

"Organizations should just assume they have been compromised."

A state-sponsored threat actor from China is exploiting a number of zero-day flaws in on-premises Microsoft Exchange Servers all over the globe. The vulnerabilities recently exploited are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which were addressed in today’s Microsoft Security Response Center (MSRC) release, “Multiple Security Updates Released for Exchange Server.”

Chris Krebs, the former director of CISA, similarly said Friday that organizations that had their servers exposed to the internet during a specific time frame should just “assume” they had been compromised by the hacking campaign.

Many large corporations such as American Airlines and United have already issued public statements that some personal information, such as names and mileage numbers, may have been compromised, and have recommended that users reset their passwords.