The anti-virus software maker said that threat actors potentially used Microsoft’s mail server faults to install malware such as web shells and gain backdoor entry into victims’ email servers. ESET has identified the presence of web shells on more than 5,000 unique servers in more than 115 countries.
According to researchers at cybersecurity firm ESET, Microsoft Exchange Server vulnerabilities are being exploited by more than 10 different advanced persistent threat (APT) groups to compromise the email servers of various organizations.
These servers belong to private and public enterprises located around the world. ESET mentioned that in some cases, multiple threat actors were targeting the same organization.
Recently, the Federal Office for Information Security (BSI) stated that at least 60,000 computer systems in Germany were exposed to a Microsoft mail server defect.
The European Banking Authority stated that it is the subject of a cyber attack against its Microsoft Exchange servers, which may have given the attacker access to personal data via email held on the server.
Web shells deployed by hackers are usually small pieces of malicious code that allow them to run commands on the server to steal data or initiate other activities, while letting the attackers maintain a presence in the affected organization, Microsoft explained in a blog post.
Microsoft last week released patches to fix Exchange Server vulnerabilities in the 2013, 2016 and 2019 editions, and urged its customers to implement them immediately. The company noted that the patch only protects servers that have not already been compromised.
“The next day after the patch was released, we began scanning Exchange servers en masse and observing many more threat actors,” said malware researcher Matthieu Faou at ESET in a release. “Interestingly, all of them are APT groups focused on espionage, except for one outlier that seems to be related to a known coin-mining campaign.”
When Microsoft initially detected several zero-day exploits, the technology company attributed the campaign with high confidence to Hafnium, a group it assessed to be state-sponsored and operating out of China.
But ESET’s analysis suggests that “the threat is not limited to the widely reported Hafnium group.”
According to ESET, the identified threat groups and activity clusters include Tick, LuckyMouse, Calypso, Websiic, Winnti Group, Tonto Team, ShadowPad activity, “Opera” Cobalt Strike, IIS backdoors, Mikroceen and DLTMiner. The cybersecurity firm said that some APT groups were taking advantage of the vulnerabilities even before the patch was released.
“They [Exchange servers] should not be directly exposed to the Internet. In case of compromise, admins should remove web shells, change credentials and check for any additional malicious activity.”
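One concrete way to carry out the “check for web shells” step above is to compare the server-side script files under the web roots against a baseline taken from a known-clean server. The following is an added example, not ESET’s or Microsoft’s code; the directory layout and file names are constructed stand-ins, not the real Exchange install paths.

```python
import hashlib
import tempfile
from pathlib import Path

# Server-side script types an attacker would plant; an assumption for this example.
WEB_EXTENSIONS = {".aspx", ".asp", ".ashx", ".asmx"}

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record relative path -> SHA-256 for every script under root (taken on a known-clean server)."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in WEB_EXTENSIONS
    }

def find_deviations(root: Path, baseline: dict) -> list:
    """Return (relative path, reason) for scripts that are new or whose content differs from the baseline."""
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.suffix.lower() not in WEB_EXTENSIONS:
            continue
        rel = p.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append((rel, "new script not in baseline"))
        elif sha256_of(p) != baseline[rel]:
            findings.append((rel, "content differs from baseline"))
    return findings

def demo() -> list:
    """Constructed scenario: snapshot a clean tree, then one file is dropped and one is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "owa" / "auth").mkdir(parents=True)
        (root / "owa" / "auth" / "logon.aspx").write_text("<!-- constructed legitimate page -->")
        (root / "ecp").mkdir()
        (root / "ecp" / "default.aspx").write_text("<!-- constructed legitimate page -->")
        baseline = build_baseline(root)
        # Post-compromise changes (constructed): an unexpected file appears and a known file is modified.
        (root / "owa" / "auth" / "help.aspx").write_text("<!-- constructed unexpected file -->")
        (root / "ecp" / "default.aspx").write_text("<!-- constructed modified page -->")
        return find_deviations(root, baseline)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A hash match only proves a file is unchanged since the baseline was taken, so the baseline must come from a server that was patched before it could be compromised.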