Geeks for your information News Privacy & Security News v
FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  15 April 21, 12:19
Quote:The Feds have cleared malicious web shells from hundreds of vulnerable computers in the United States that had been compromised via the now-infamous ProxyLogon Microsoft Exchange vulnerabilities.
 
ProxyLogon comprises a group of security bugs affecting on-premises versions of Microsoft Exchange Server software for email. Microsoft last month warned that the bugs were being actively exploited by the Hafnium advanced persistent threat (APT); after that, other researchers said that 10 or more additional APTs were also using them.
 
ProxyLogon consists of four flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) that can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a web shell for further exploitation within the environment, such as the deployment of ransomware.
 
While patching levels have accelerated, this doesn’t help already-compromised computers.
“Many infected system owners successfully removed the web shells from thousands of computers,” explained the Department of Justice, in a Tuesday announcement. “Others appeared unable to do so, and hundreds of such web shells persisted unmitigated.”
 
This state of affairs prompted the FBI to take action; in a court-authorized action, it issued a series of commands through the web shells to the affected servers. The commands were designed to cause the server to delete only the web shells (identified by their unique file path). It didn’t notify affected organizations ahead of time, but authorities said they’re sending out notices now.
 
“Today’s court-authorized removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” said Assistant Attorney General John Demers for the DoJ’s National Security Division, in the statement.

Read more: FBI Clears ProxyLogon Web Shells from Hundreds of Orgs | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Adobe Acrobat Reader DC 2026.001.21529
Adobe Acrobat Read...harlan4096 — 09:58
AxCrypt 3.0.0.90
AxCrypt 3.0.0.90: ...harlan4096 — 06:27
Microsoft Edge 147.0.3912.98
Version 147.0.3912...harlan4096 — 06:26
Google Chrome 147.0.7727.137/138
Google Chrome 147....harlan4096 — 06:22
Rufus 4.14
Rufus 4.14 (stable...harlan4096 — 06:19

[-]
Birthdays
Today's Birthdays
avatar (74)divinenews
avatar (51)plajhunTat
Upcoming Birthdays
avatar (28)akiratoriyama
avatar (48)Jerrycix
avatar (40)awedoli
avatar (82)WinRARHowTo
avatar (38)owysykan
avatar (49)beautgok
avatar (39)axuben
avatar (45)talsmanthago
avatar (31)mocetor
avatar (46)piomaibhaict
avatar (51)kingbfef
avatar (38)izenesiq
avatar (45)centfootadoni
avatar (40)ihijudu
avatar (45)tiojusop
avatar (42)Damiennug
avatar (40)acoraxe
avatar (49)contjrat
avatar (41)axylisyb
avatar (44)tukrublape
avatar (41)iruqi
avatar (42)saitetib
avatar (36)ypasodiny
avatar (39)omapek
avatar (48)Geraldtuh
avatar (44)knigiJow
avatar (46)1stOnecal
avatar (50)Mirzojap
avatar (36)idilysaju
avatar (45)xclubDum
avatar (41)Stewartanilm
avatar (44)nikitaxople
avatar (40)GregoryRog
avatar (45)mediumog
avatar (40)odukoromu
avatar (46)Joanna4589
avatar (28)Honor6

[-]
Online Staff
There are no staff members currently online.

>