Hackers Using ProxyLogon & ProxyShell To Attack Microsoft Exchange Servers
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Hackers attack Microsoft Exchange servers because they often contain sensitive communication data that can be exploited for several illicit purposes.
Besides this, the widespread use of Microsoft Exchange in enterprises makes it an attractive and high-impact target for cybercriminals.
Three years later, ProxyLogon and ProxyShell vulnerabilities impacted Microsoft Exchange servers.
Recently, the Hunt Research Team discovered a server likely exploiting these flaws to access and steal sensitive government communications across multiple regions, including Afghanistan’s Presidential Palace.
These vulnerabilities, disclosed in 2021, allow unauthenticated attackers to execute commands and access mailboxes by exploiting server-side request forgery and leveraging legitimate services like Autodiscover and MAPI to impersonate users.
ProxyLogon & ProxyShell
Sensitive government communications of multiple countries, including Afghanistan and Laos, were discovered on a DigitalOcean server.
The server enabled unauthorized access to user emails via a similar Squirrelwaffle loader exploit code. The server also has an Acunetix Web Vulnerability Scanner with a unique certificate.
The exposed directory, which contained nearly 4,000 files, was promptly secured as soon as it was found.
.webp)
Exposed open directories (Source – Hunt)
This indicates that sophisticated attack actors could be targeting governmental sectors across regions. This is evident from the presence of Chinese-language folder names and specific exploit codes used.
Here below, we have mentioned all the countries that are targeted:-
A visible server disclosed thousands of files targeting government offices in various countries by exploiting known vulnerabilities with the use of adjusted open-source codes.
However, the conciseness of the exposure situation underscores the fact that malicious actors are still exploiting older vulnerabilities.
The Open Directories feature from Hunt is essential for increasing visibility on such live threats.
IoCs
.webp)
IoCs (Source – Hunt)
#Cyber_Attack #Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news #Microsoft_Exchange #ProxyLogon
Оригинальная версия на сайте:
Hackers Using ProxyLogon & ProxyShell To Attack Microsoft Exchange Servers
Author: Tushar Subhra DuttaHackers attack Microsoft Exchange servers because they often contain sensitive communication data that can be exploited for several illicit purposes.
Besides this, the widespread use of Microsoft Exchange in enterprises makes it an attractive and high-impact target for cybercriminals.
Three years later, ProxyLogon and ProxyShell vulnerabilities impacted Microsoft Exchange servers.
Recently, the Hunt Research Team discovered a server likely exploiting these flaws to access and steal sensitive government communications across multiple regions, including Afghanistan’s Presidential Palace.
These vulnerabilities, disclosed in 2021, allow unauthenticated attackers to execute commands and access mailboxes by exploiting server-side request forgery and leveraging legitimate services like Autodiscover and MAPI to impersonate users.
ProxyLogon & ProxyShell
Sensitive government communications of multiple countries, including Afghanistan and Laos, were discovered on a DigitalOcean server.
The server enabled unauthorized access to user emails via a similar Squirrelwaffle loader exploit code. The server also has an Acunetix Web Vulnerability Scanner with a unique certificate.
The exposed directory, which contained nearly 4,000 files, was promptly secured as soon as it was found.
Exposed open directories (Source – Hunt)This indicates that sophisticated attack actors could be targeting governmental sectors across regions. This is evident from the presence of Chinese-language folder names and specific exploit codes used.
Here below, we have mentioned all the countries that are targeted:-
- Afghanistan
- Georgia
- Argentina
- Laos
A visible server disclosed thousands of files targeting government offices in various countries by exploiting known vulnerabilities with the use of adjusted open-source codes.
However, the conciseness of the exposure situation underscores the fact that malicious actors are still exploiting older vulnerabilities.
The Open Directories feature from Hunt is essential for increasing visibility on such live threats.
IoCs
IoCs (Source – Hunt)#Cyber_Attack #Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news #Microsoft_Exchange #ProxyLogon
Оригинальная версия на сайте:
