Hackers target Microsoft Exchange with ProxyLogon & ProxyShell cyberattacks now

July 6, 2024

TLDR:

  • Hackers are using ProxyLogon and ProxyShell vulnerabilities to attack Microsoft Exchange servers.
  • Sensitive government communications from multiple countries were discovered on a DigitalOcean server.

In a recent attack on Microsoft Exchange servers, hackers exploited the vulnerabilities known as ProxyLogon and ProxyShell to gain unauthorized access to sensitive government communications. The vulnerabilities, which were disclosed in 2021, allow attackers to execute commands and access mailboxes without authentication. The Hunt Research Team discovered a server hosting sensitive data from countries such as Afghanistan and Laos, indicating a potential targeted attack on governmental sectors across regions.

The compromised server was found to contain nearly 4,000 files targeting government offices in various countries, along with modified open-source exploit code. The presence of unique Chinese-language folder names and exploit code suggests the involvement of sophisticated threat actors in these cyberattacks. Despite efforts to secure the exposed directories, the incident highlights the ongoing exploitation of older vulnerabilities by malicious actors.

Increased visibility on live threats, such as the Open Directories feature from Hunt, is crucial for detecting and mitigating cybersecurity risks. Organizations are advised to take proactive measures to secure their Microsoft Exchange servers and implement robust cybersecurity defenses to safeguard against potential attacks.
