Multiple Cyberspy Groups Target Microsoft Exchange Servers via Zero-Day Flaws (Security News, March 2021)
Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers.
Managed detection and response solutions provider Huntress says it has already observed more than 200 compromised Exchange Servers that received payloads within the "C:\inetpub\wwwroot\aspnet_client\system_web" directory, and claims to have identified more than 350 web shells to date.
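The aspnet_client directory normally holds only static client-side resources, so a server-side script file appearing there is worth reviewing. The following PowerShell snippet is an added example, not code from the article or from Huntress; it lists recently written .aspx/.asp/.ashx/.asmx files under the default aspnet_client path and hashes them so the results can be cross-checked against published indicators (the path and the 30-day window are assumptions you may need to adjust).

```powershell
# Added example (not from the article or Huntress). Run on the Exchange server.
# Assumption: default installation path; change $WebRoot if IIS lives elsewhere.
$WebRoot = 'C:\inetpub\wwwroot\aspnet_client'
# Assumption: a 30-day review window; widen it if the compromise may be older.
$Since   = (Get-Date).AddDays(-30)

# Server-side script extensions that have no legitimate reason to be here.
$ScriptTypes = @('*.aspx', '*.asp', '*.ashx', '*.asmx')

Get-ChildItem -Path $WebRoot -Recurse -File -Include $ScriptTypes -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since } |
    Select-Object FullName, Length, CreationTime, LastWriteTime,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash } } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

An empty result only means nothing matched in this directory and window; a file that does show up should be preserved (not deleted) and compared against vendor-published web shell hashes before any cleanup.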
An analysis of approximately 2,000 Exchange servers has revealed that roughly 400 of them were vulnerable, with an additional 100 potentially vulnerable, Huntress reveals.
The targeted organizations, the security firm says, include "Small hotels, an ice cream company, a kitchen appliance manufacturer, multiple senior citizen communities and other 'less than sexy' mid-market businesses. We've also witnessed many city and county government victims, healthcare providers, banks/financial institutions, and several residential electricity providers."
The large number of identified web shells, Huntress points out, suggests that multiple uncoordinated actors might have been involved in exploitation, or that automated deployment tools were used.
"These attacks are grave due to the fact that every organization simply has to have email, and Microsoft Exchange is so widely used. These servers are typically publicly accessible on the open internet and they can be exploited remotely. These vulnerabilities can be leveraged to gain remote code execution and fully compromise the target," Huntress also notes.