As of August 2022, Microsoft has disclosed that state-sponsored hackers have been steadily gaining access to and breaching MS Exchange. These groups have linked the two newly disclosed zero-day flaws, limiting these attacks and focusing on ten specific global institutions.
Microsoft Threat Intelligence Center's (MSTIC) newest analysis shares that "these attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration."
Experts suggest that hackers will likely continue to exploit these vulnerabilities and deploy ransomware mainly due to the "highly privileged access Exchange systems confer onto an attacker."
Microsoft says that "while these vulnerabilities require authentication, the authentication needed for exploitation can be that of a standard user. Standard user credentials can be acquired via many attacks, such as password spray or purchase via the cybercriminal economy."
Hungry for more? Join me each week, where I'll break down complex topics and dissect the latest news within the cybersecurity industry and blockchain ecosystem, simplifying the tech world.
Comments