Geeks for your information News Privacy & Security News v
Microsoft Exchange Servers Face APT Attack Tsunami
Microsoft Exchange Servers Face APT Attack Tsunami
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  12 March 21, 08:46
Quote:Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers.
 
Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Four flaws can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a webshell for further exploitation within the environment.
 
And indeed, adversaries from the Chinese APT known as Hafnium were able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access, according to the computing giant.
 
Microsoft was spurred to release out-of-band patches for the exploited bugs, known collectively as ProxyLogon, which are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
 
Microsoft said last week that the attacks were “limited and targeted.” But that’s certainly no longer the case. Other security companies have continued to say they have seen much broader, escalating activity with mass numbers of servers being scanned and attacked.
 
ESET researchers had confirmed this as well, and on Wednesday announced that it had pinpointed at least 10 APTs going after the bugs, including Calypso, LuckyMouse, Tick and Winnti Group.
 
“On Feb. 28, we noticed that the vulnerabilities were used by other threat actors, starting with Tick and quickly joined by LuckyMouse, Calypso and the Winnti Group,” according to the writeup. “This suggests that multiple threat actors gained access to the details of the vulnerabilities before the release of the patch, which means we can discard the possibility that they built an exploit by reverse-engineering Microsoft updates.”

Read more: Microsoft Exchange Servers Face APT Attack Tsunami | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Nvidia GeForce Game Ready Driver 610.52 ...
Nvidia GeForce Gam...harlan4096 — 07:41
Mozilla Firefox Browser 151.0.4
Mozilla Firefox Br...harlan4096 — 07:39
Adobe Acrobat Reader DC 26.001.21662
Adobe Acrobat Read...harlan4096 — 07:38
PowerToys v0.100.0
Release v0.100.0 ...harlan4096 — 07:37
Brave 1.91.171 (Chromium 149.0.7827.103)
Release v1.91.171 ...harlan4096 — 07:36

[-]
Birthdays
Today's Birthdays
avatar (42)zacforat
avatar (47)NemrokReks
Upcoming Birthdays
avatar (39)Tedscolo
avatar (46)brakasig
avatar (45)JamesReshy
avatar (47)Francisemefe
avatar (40)leoniDup
avatar (39)Patrizaancem
avatar (39)biobdam
avatar (38)Barrackleve
avatar (40)Julioagopy
avatar (50)aolaupitt2558
avatar (40)storoBox
avatar (48)kinotHeemn
avatar (39)Ceballos1976
avatar (40)efynu
avatar (32)horancos

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>