Microsoft Exchange Server abuses hit retail …

Mandiant researchers have identified a variety of victims affected by attacks targeting newly reported Microsoft Exchange Server vulnerabilities.

Attackers targeting four key Microsoft Exchange Server zero-days patched this week have hit a variety of retail, government, and higher education organizations, according to Mandiant researchers, who released their observations of exploit activity today.

Microsoft, which issued a fix on March 2, said the vulnerabilities were used in “limited and targeted” attacks on law firms, infectious disease researchers, defense contractors, policy think tanks, and other victims. It attributes the exploits with high confidence to a group called Hafnium, which is believed to be state-sponsored and to operate out of China.

Researchers wrote in a report that Mandiant began seeing cases of Microsoft Exchange Server abuse in at least one client environment in January. Their observations included the creation of web shells for persistent access, remote code execution, and reconnaissance of endpoint security tools. In response, Mandiant built a threat hunting campaign to detect attacker activity on Exchange Server.

“While the use of the web shell is common among threat actors, the parent process, timing, and victims of these files clearly demonstrate activity that began with the abuse of Microsoft Exchange,” the researchers explained in a blog post.

Researchers are currently tracking this activity in three clusters, UNC2639, UNC2640, and UNC2643, and expect the number of clusters to grow as attacks increase. So far, the team has detected a variety of victims, including US-based retailers, local governments, universities, and engineering companies. Potential victims are said to include a Southeast Asian government and Central Asian telecommunications companies.

Enterprises are encouraged to patch the vulnerabilities soon.

Read Mandiant's complete blog post for more information on its observations.

DarkReading’s Quick Hits provide a brief overview and summary of the importance of breaking news events. For more information from the original source of the news item, follow the links provided in this article.
