Wednesday, April 14, 2021

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments | ZDNet


An ongoing investigation into the active exploitation of four Microsoft Exchange zero-day flaws has revealed attacks against local US government agencies.

On March 2, Microsoft warned that the four zero-day vulnerabilities — now tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — were being exploited by threat actors in the wild.  

If abused, the vulnerabilities could be used to compromise servers running Exchange Server 2013, 2016, and 2019 software. 

Microsoft has urged customers to immediately apply patches provided to fix the vulnerabilities, but as is often the case with the disclosure of zero-days, cyberattackers are quick to exploit them. 

FireEye’s Mandiant Managed Defense cybersecurity team says it has tracked a wave of attacks against US targets that abuses the Exchange security flaws.

Among the latest victims are local government entities, an unnamed university, an engineering company, and a host of retailers in the United States. 

This month, one threat actor was observed using at least one of the vulnerabilities to deploy a web shell on a vulnerable Exchange server in order to “establish both persistence and secondary access,” according to the team. In two cases, cyberattackers sought to delete existing administrator accounts on Exchange servers. 

Credential theft, the compression of data for exfiltration, and the use of PowerShell to steal entire email inboxes were also recorded. Covenant, Nishang, and PowerCat tools are being used to maintain remote access. 

Mandiant added that the compromise of two other entities, a Southeast Asian government and a Central Asian telecommunications firm, may be related to this campaign. 

“The activity we have observed, coupled with others in the information security industry, indicate that these threat actors are likely using Exchange Server vulnerabilities to gain a foothold into environments,” Mandiant says. “This activity is followed quickly by additional access and persistent mechanisms.”

Microsoft has previously attributed attacks to Hafnium, a Chinese state-sponsored advanced persistent threat (APT) group. The APT has been connected to assaults in the past against US defense firms, the legal sector, researchers, and think tanks. 

Mandiant expects more clusters of intrusions to appear, a problem that will likely be ongoing until more vulnerable servers are patched. Kaspersky says that there is a high risk of ransomware and data theft. 

Microsoft Exchange users are urged to update their software as quickly as possible.

In related news this week, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing federal agencies to immediately tackle the Microsoft Exchange vulnerabilities. 
