{"id":42766,"date":"2021-04-14T00:00:00","date_gmt":"2021-04-14T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped.html"},"modified":"2021-04-14T00:00:00","modified_gmt":"2021-04-14T00:00:00","slug":"could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/","title":{"rendered":"Could the Microsoft Exchange breach be stopped? Threat Research Engineer"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/could-the-microsoft-exchange-breach-be-stopped.jpg\"> <body class=\"articlepage page basicpage context-business context-devops\" id=\"readabilityBody\" readability=\"50.170556757372\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1534387689\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"7.2077922077922\">\n<div class=\"article-details\" role=\"heading\" readability=\"33.636363636364\"> <\/p>\n<p class=\"article-details__display-tag\">Multi Cloud<\/p>\n<p class=\"article-details__description\">A look at the latest Microsoft zero-day exploits and how Trend Micro could help protect you.<\/p>\n<p class=\"article-details__author-by\">By: Nitesh Surana <time class=\"article-details__date\">April 14, 2021<\/time><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"50.225651942523\">\n<div readability=\"48.817456093667\">\n<p>Last March it seemed the world came to a standstill as the COVID-19 pandemic began to 
rapidly spread. While businesses, sporting events, and schools started shutting down, cybercriminals remained as active as ever. In 2020, the Trend Micro Zero Day Initiative\u2122 (ZDI) <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2021\/1\/14\/looking-back-at-the-zero-day-initiative-in-2020\" target=\"_blank\" rel=\"noopener\">published 1,453 advisories<\/a>, the most ever in the history of the program. More startling is the fact that 18.6% of all disclosures were published without a fix from the vendor\u2014another record-breaking stat.<\/p>\n<p>As ZDI predicted, 2021 continued to be a busy year. In March 2021, Microsoft kicked off the patch cycle early after releasing an <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/\" target=\"_blank\" rel=\"noopener\">advisory<\/a> regarding the mass exploitation of four zero-day vulnerabilities in on-premises versions of Microsoft Exchange Server by a Chinese hacking group, HAFNIUM. In the days following the attack, <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/c\/microsoft-exchange-attack.html\" target=\"_self\" rel=\"noopener\">Trend Micro reported<\/a> that at least 30,000 organizations in the US were thought to have been attacked, and 63,000 servers remained exposed to these exploits.<\/p>\n<p>The vulnerability has been dubbed <a href=\"https:\/\/proxylogon.com\/\" target=\"_blank\" rel=\"noopener\">ProxyLogon<\/a> by the researchers at DEVCORE, who are credited with finding the bugs in the proxy architecture and the logon mechanism of Exchange. DEVCORE reported two of the four zero-days (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener\">CVE-2021-26855<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-27065\" target=\"_blank\" rel=\"noopener\">CVE-2021-27065<\/a>) to the Microsoft Security Response Center (MSRC). 
On March 2, <a href=\"https:\/\/www.volexity.com\/blog\/2021\/03\/02\/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">Volexity<\/a> reported in-the-wild exploitation of the vulnerabilities, and DEVCORE <a href=\"https:\/\/proxylogon.com\/\" target=\"_blank\" rel=\"noopener\">confirmed<\/a> that the exploit observed by Volexity was the one submitted to MSRC.<\/p>\n<p>Since then, various threat actors and ransomware groups (DearCry, BlackKingdom) have exploited the vulnerabilities opportunistically, since the majority of Outlook Web App portals are public and indexed by search engines such as Google Search, Shodan, BinaryEdge, Censys and ZoomEye. According to <a href=\"https:\/\/twitter.com\/shodanhq\/status\/1367525621065261062\" target=\"_blank\" rel=\"noopener\">Shodan<\/a>, on March 4, a day after the patch was released, more than 266,000 Exchange Servers were still vulnerable to ProxyLogon.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/shodan-results.png\" alt=\"Shodan Results\"><figcaption>Fig &#8211; Shodan Results<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<p>In light of these exploits, let\u2019s take a look at how Trend Micro Vision One\u2122 and Trend Micro Cloud One\u2122 can provide protection against two of the four zero-days, CVE-2021-26855 and CVE-2021-27065.<\/p>\n<p><b><span class=\"body-subhead-title\">Overview:<\/span><\/b><br \/>Two bugs are chained to achieve remote code execution. For the attack to succeed, an attacker needs access to the Outlook Web App portal of the vulnerable Exchange Server and a valid email address.<\/p>\n<ol>\n<li>CVE-2021-26855: Microsoft 
Exchange Server Remote Code Execution Vulnerability (pre-authenticated Server-Side Request Forgery [SSRF])<\/li>\n<li>CVE-2021-27065: Microsoft Exchange Server Remote Code Execution Vulnerability (post-authenticated Arbitrary File Write)<\/li>\n<\/ol><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/ms-exchange-client-access-protocol-architecture.png\" alt=\"MS Exchange Client Access Protocol Architecture\"><figcaption>Fig &#8211; MS Exchange Client Access Protocol Architecture<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"45.767348754448\">\n<div readability=\"38.540925266904\">\n<p>The Client Access services (which front the Outlook Web App portal) proxy incoming connections to the backend services. As per the Exchange <a href=\"https:\/\/docs.microsoft.com\/en-us\/exchange\/architecture\/architecture?view=exchserver-2019\" target=\"_blank\" rel=\"noopener\">documentation<\/a>, clients never connect directly to the backend services. Because of the SSRF vulnerability, however, attackers can query the internal backend services and APIs on the Exchange Server, bypassing the frontend proxy.<\/p>\n<p>By abusing the SSRF, attackers can create session IDs and access tokens for privileged accounts in the context of the Exchange Control Panel, which can then be used to write files with attacker-controlled content to a location on the target server chosen by the attacker. 
Since Exchange depends on the Internet Information Services (IIS) web server, an attacker can write ASPX web shells and run arbitrary commands as SYSTEM on the Exchange Server.<\/p>\n<p>In January 2021, we came across extensive use of <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/a\/targeted-attack-using-chopper-aspx-web-shell-exposed-via-managed.html\" target=\"_self\" rel=\"noopener\">Chopper ASPX web shells<\/a> in targeted attacks by malicious actors to establish persistence and a foothold on public-facing Outlook Web App servers.<\/p>\n<p><span class=\"body-subhead-title\">Trend Micro Cloud One\u2122 \u2013 Workload Security Correlation:<\/span><br \/>Trend Micro Cloud One\u2122 \u2013 Workload Security is a cloud-native solution that provides automated security via powerful APIs. Security as code allows DevOps teams to bake security into their build pipeline and release continuously and frequently, so developers like yourself can keep working without disruption from security. Workload Security uses advanced security controls such as an <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/capabilities\/intrusion-prevention.html\" target=\"_self\" rel=\"noopener\">intrusion prevention system<\/a> (IPS), deep packet inspection (DPI), and <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/capabilities\/integrity-monitoring.html\" target=\"_self\" rel=\"noopener\">integrity monitoring<\/a> to protect Exchange Servers from attackers that could exploit ProxyLogon. 
The following detection rules safeguard a vulnerable Exchange Server from the CVEs reported:<\/p>\n<p>Intrusion Prevention System detections:<\/p>\n<ol>\n<li>1010854 &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)<\/li>\n<li>1010868 &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27065)<\/li>\n<li>1010870 &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27065) \u2013 1<\/li>\n<li>1007170 &#8211; Identified Suspicious China Chopper Webshell Communication (ATT&amp;CK T1100)<\/li>\n<li>1005934 &#8211; Identified Suspicious Command Injection Attack<\/li>\n<\/ol>\n<p>Integrity Monitoring detections:<\/p>\n<ol>\n<li>1010855 &#8211; Microsoft Exchange &#8211; HAFNIUM Targeted Vulnerabilities<\/li>\n<\/ol><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/1010854-microsoft-exchange-server-remote-code-execution-vulnerability.png\" alt=\"1010854 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)\"><figcaption>1010854 &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26855)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/1007170-identified-suspicious-china-chopper-webshell-communication.png\" alt=\"1007170 - Identified Suspicious China Chopper Webshell Communication (ATT&amp;CK T1100)\"><figcaption>1007170 &#8211; Identified Suspicious China Chopper Webshell Communication (ATT&amp;CK T1100)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" 
src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/1010870-microsoft-exchange-server-remote-code-execution-vulnerability.png\" alt=\"1010870 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27065) - 1\"><figcaption>1010870 &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27065) &#8211; 1<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/1005934-identified-suspicious-command-injection-attack.png\" alt=\"1005934 - Identified Suspicious Command Injection Attack\"><figcaption>1005934 &#8211; Identified Suspicious Command Injection Attack<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/1010855-microsoft-exchange-hafnium-targeted-vulnerabilities.png\" alt=\"1010855 - Microsoft Exchange - HAFNIUM Targeted Vulnerabilities\"><figcaption>1010855 &#8211; Microsoft Exchange &#8211; HAFNIUM Targeted Vulnerabilities<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><span class=\"body-subhead-title\">Trend Micro Vision One\u2122 Correlation:<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/microsoft-exchange-server-rce-vulnerability.png\" alt=\"Microsoft Exchange Server RCE Vulnerability (CVE-2021-26855 + CVE-2021-27065)\"><figcaption>Fig &#8211; Microsoft Exchange 
Server RCE Vulnerability (CVE-2021-26855 + CVE-2021-27065)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.418380462725\">\n<div readability=\"22.735218508997\">\n<p>Trend Micro Vision One\u2122 is a purpose-built threat defense platform with extended detection and response (XDR) capabilities that work to prevent the majority of attacks with automated protection. The solution allows you to see more and respond faster by collecting and correlating data across email, endpoints, servers, cloud workloads, and networks.<\/p>\n<p>Using the <a href=\"https:\/\/www.youtube.com\/watch?v=odGDYzQbe80\" target=\"_blank\" rel=\"noopener\">Trend Micro Vision One Workbench<\/a>, you can easily see which threats were detected, the attack techniques used, and a prioritized list of risky devices and users. With Trend Micro Vision One, we ran a public proof of concept (PoC) <a href=\"https:\/\/github.com\/p0wershe11\/ProxyLogon\/blob\/main\/ProxyLogon.py\" target=\"_blank\" rel=\"noopener\">available<\/a> online that exploits the ProxyLogon vulnerability. The above image shows the vulnerability detected and all the assets related to the alert for further investigation. 
Let\u2019s take a deeper look:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/potential-chopper-webshell-detection.png\" alt=\"Potential Chopper Webshell Detection\"><figcaption>Fig &#8211; Potential Chopper Webshell Detection<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.610510046368\">\n<div readability=\"16.816074188563\">\n<p>The Potential Chopper Webshell Execution model triggers when the web shell is already present on the machine and is being used as a backdoor to run commands as SYSTEM on the Exchange Server via China Chopper.<\/p>\n<p>Detections from this model should be investigated carefully, since the ProxyLogon zero-day vulnerability was exploited in the wild before Microsoft addressed the issue publicly. Microsoft has since taken things a step further by creating <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/march-2021-exchange-server-security-updates-for-older-cumulative\/ba-p\/2192020\" target=\"_blank\" rel=\"noopener\">patches<\/a> for out-of-support versions of Exchange. 
Overall, Microsoft released patches for 89 unique CVEs in March\u201414 of which were listed as Critical and 75 listed as Important in severity.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/microsoft-exchange-server-possible-aspx-web-shell.png\" alt=\"Microsoft Exchange Server Possible ASPX Web Shell\"><figcaption>Fig &#8211; Microsoft Exchange Server Possible ASPX Web Shell<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>The above model triggers when a new web shell is created. You can see the path and name of the web shell.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/potential-chopper-webshell-execution.png\" alt=\"Potential Chopper Webshell Execution\"><figcaption>Fig &#8211; Potential Chopper Webshell Execution<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/identified-suspicious-china-chopper-webshell-communication.png\" alt=\"Identified Suspicious China Chopper Webshell Communication\"><figcaption>Fig &#8211; Identified Suspicious China Chopper Webshell Communication<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/possible-credential-dumping-via-command-line.png\" alt=\"Possible 
Credential Dumping via Command Line\"><figcaption>Fig &#8211; Possible Credential Dumping via Command Line<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>This model triggers when an attacker dumps credentials from memory via the command line using Mimikatz. Since the web shell runs as the SYSTEM user, an attacker can fetch the NT LAN Manager (NTLM) hashes of logged-in users, create or delete accounts, and perform extensive post-exploitation activities on the Exchange Server.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/executing-mimikatz-as-system-using-cc.png\" alt=\"Executing Mimikatz as SYSTEM using CC\"><figcaption>Fig &#8211; Executing Mimikatz as SYSTEM using CC<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/system-owner-user-discovery.png\" alt=\"System Owner User Discovery\"><figcaption>Fig &#8211; System Owner User Discovery<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>The above event was triggered when we ran whoami from within the Chopper web shell. 
Since requests to the ASPX web shell are handled by the privileged w3wp.exe IIS worker process in the configured application pool (the Microsoft Exchange app pool), the commands run in the context of the NT AUTHORITY\\SYSTEM user.<\/p>\n<p>RCA diagram:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped\/rca-executing-commands-using-chopper-cnc.png\" alt=\"Executing commands using Chopper CnC\"><figcaption>Fig &#8211; Executing commands using Chopper CnC<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p><span class=\"body-subhead-title\">Conclusion<\/span><br \/>There is no silver bullet when it comes to cybersecurity, but using solutions that bake security into your development pipeline as early as possible is better than scrambling for patches after deployment. Quick-to-deploy solutions like Trend Micro Cloud One and Trend Micro Vision One can provide you with SecOps-approved security from build time to runtime without slowing you down. 
Imagine that!<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/d\/could-the-microsoft-exchange-breach-be-stopped.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A look at the latest Microsoft zero-day exploits and how Trend Micro could help protect you. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42767,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9503,9501,9507,9618,9500],"class_list":["post-42766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-devops-article","tag-trend-micro-devops-cloud-native","tag-trend-micro-devops-multi-cloud","tag-trend-micro-devops-research","tag-trend-micro-devops-workload-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Could the Microsoft Exchange breach be stopped? 
Threat Research Engineer 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Could the Microsoft Exchange breach be stopped? Threat Research Engineer 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-14T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png\" \/>\n\t<meta property=\"og:image:width\" content=\"594\" \/>\n\t<meta property=\"og:image:height\" content=\"407\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta 
name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Could the Microsoft Exchange breach be stopped? Threat Research Engineer\",\"datePublished\":\"2021-04-14T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/\"},\"wordCount\":1291,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png\",\"keywords\":[\"Trend Micro DevOps : Article\",\"Trend Micro DevOps : Cloud Native\",\"Trend Micro DevOps : Multi Cloud\",\"Trend Micro DevOps : Research\",\"Trend Micro DevOps : Workload 
Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/\",\"name\":\"Could the Microsoft Exchange breach be stopped? Threat Research Engineer 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png\",\"datePublished\":\"2021-04-14T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png\",\"width\":594,\"height\":407},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro DevOps : Article\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-devops-article\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Could the Microsoft Exchange breach be stopped? 
Threat Research Engineer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\"
:\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Could the Microsoft Exchange breach be stopped? Threat Research Engineer 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/","og_locale":"en_US","og_type":"article","og_title":"Could the Microsoft Exchange breach be stopped? Threat Research Engineer 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-04-14T00:00:00+00:00","og_image":[{"width":594,"height":407,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Could the Microsoft Exchange breach be stopped? 
Threat Research Engineer","datePublished":"2021-04-14T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/"},"wordCount":1291,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png","keywords":["Trend Micro DevOps : Article","Trend Micro DevOps : Cloud Native","Trend Micro DevOps : Multi Cloud","Trend Micro DevOps : Research","Trend Micro DevOps : Workload Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/","url":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/","name":"Could the Microsoft Exchange breach be stopped? Threat Research Engineer 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png","datePublished":"2021-04-14T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer.png","width":594,"height":407},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/could-the-microsoft-exchange-breach-be-stopped-threat-research-engineer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro DevOps : Article","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-devops-article\/"},{"@type":"ListItem","position":3,"name":"Could the Microsoft Exchange breach be stopped? 
Threat Research Engineer"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\
/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42766"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42766\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42767"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}