Friday, July 23, 2021

Microsoft Exchange zero-day exploited in attacks against US local governments


Ongoing investigations into the active exploitation of four Microsoft Exchange bugs have revealed attacks against US local government agencies.

On March 2, Microsoft warned that four zero-day vulnerabilities, now tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, were being exploited by attackers in the wild.

If abused, the vulnerabilities can be used to access data on servers running Exchange Server 2013, 2016, and 2019.

Microsoft has urged customers to apply the released patches immediately, but, as is often the case with zero-day disclosures, attackers have been quick to exploit the flaws.

According to FireEye's Mandiant Managed Defense team, a wave of attacks targeting organizations in the United States has exploited the Exchange vulnerabilities.

Among the latest victims are local government agencies, an unnamed university, an engineering firm, and a host of vendors in the United States.

This month, one threat actor was seen using at least one of the vulnerabilities to install a web shell on an Exchange server to "establish persistence and secondary access," according to the group. In two cases, the attackers deleted existing administrator accounts on the Exchange servers.

Credential theft, compression of data for exfiltration, and the use of PowerShell to export entire mailboxes were also recorded. The Covenant, Nishang, and PowerCat tools were used to maintain remote access.

Mandiant added that the compromise of two other organizations, a Southeast Asian government and a Central Asian telecommunications company, may be related to the campaign.

"The activity we have seen, combined with others in the information security industry, shows that these threat actors are likely using the Exchange Server vulnerabilities to gain access to the environment," Mandiant said. "This activity is immediately followed by additional access and persistence mechanisms."

Microsoft has previously attributed attacks to Hafnium, a Chinese state-sponsored advanced persistent threat (APT) group. The APT has been linked to earlier attacks on US defense contractors, law firms, researchers, and think tanks.

Mandiant expects more clusters of intrusions to emerge, a problem that could continue until the vulnerable servers are patched. Kaspersky says there is a high risk of data theft.

Microsoft Exchange users are urged to update their software as soon as possible.

In related news this week, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing government agencies to respond immediately to the Microsoft Exchange vulnerabilities.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


