Some Bangladeshi organisations running Microsoft Exchange mail servers have been compromised by cyberattacks, says the e-Government Computer Incident Response Team (BGD e-GOV CIRT) in an advisory.
It named a few business groups that have already been compromised and asked others to check their systems.
The advisory mentioned the name of HAFNIUM, a Chinese hacker group, which has carried out such attacks across the globe.
The BGD e-GOV CIRT has asked a number of state-owned and private organisations to scan their mail servers to see whether any malware has been injected into their systems, and to assume that they have been compromised if such malware is found.
According to Tom Burt, corporate vice president, Customer Security & Trust at Microsoft, the attacks happen in three steps: firstly, the attacker would gain access to an Exchange Server either with stolen passwords or by using previously undiscovered vulnerabilities to disguise itself as someone who should have access. Secondly, it would create what's called a web shell to control the compromised server remotely. Lastly, it would use that remote access, run from US-based private servers, to steal data from an organisation's network.
The attacker group, HAFNIUM, is primarily known for targeting US industries and businesses. They shot to fame after they started exploiting vulnerabilities in customer-facing servers. Their activities came to light early this year, with an increase in intensity since early March.