Chile's bank regulator shares IOCs after Microsoft Exchange hack (Security News, March 2021)
Chile's Comisión para el Mercado Financiero (CMF) has disclosed that its Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.
"The analyses carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of ransomware and indicate that the incident would be limited to the Microsoft Exchange platform," disclosed the Comisión para el Mercado Financiero.
To aid security professionals and other Microsoft Exchange administrators, the CMF has released IOCs of web shells and a batch file found on their compromised server.
These files are Microsoft Exchange Offline Address Book (OAB) virtual directory configurations whose ExternalUrl setting, which should hold only a URL, has been replaced with the China Chopper web shell.
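A defender-side check for this indicator, added here as an example and not part of the CMF disclosure or Microsoft's script: it flags OAB virtual directory records whose ExternalUrl is not a plain http(s) URL or contains server-side script markers. The record format (Identity, ExternalUrl) mirrors what `Get-OabVirtualDirectory` returns; the sample records below are constructed, and the script body in the malicious one is deliberately omitted.

```python
import re
from urllib.parse import urlparse

# Server-side script markers that never belong in a URL-valued setting.
# The ProxyLogon web shells were ASP.NET script blocks planted in this
# field, so any of these in ExternalUrl is a red flag on its own.
SCRIPT_MARKERS = (
    re.compile(r"<script[^>]*runat\s*=\s*[\"']?server", re.I),  # ASP.NET server script
    re.compile(r"<%"),                                          # ASP code block
    re.compile(r"\beval\s*\(", re.I),                           # dynamic evaluation
    re.compile(r"Request\.(Item|Form|QueryString)", re.I),      # reads attacker input
)


def is_suspicious_external_url(value):
    """Return True when an OAB ExternalUrl value does not look like a plain URL."""
    if not value:
        return False  # unset is normal on internal-only Exchange servers
    parsed = urlparse(value)
    looks_like_url = parsed.scheme in ("http", "https") and bool(parsed.netloc)
    has_script = any(m.search(value) for m in SCRIPT_MARKERS)
    return has_script or not looks_like_url


def find_suspicious_oab_entries(entries):
    """entries: dicts with 'Identity' and 'ExternalUrl' (e.g. exported from
    Get-OabVirtualDirectory). Returns the identities that need investigation."""
    return [e["Identity"] for e in entries
            if is_suspicious_external_url(e.get("ExternalUrl"))]


# Constructed sample records (hypothetical servers, not from the CMF report).
SAMPLE_ENTRIES = [
    {"Identity": "EX01\\OAB (Default Web Site)",
     "ExternalUrl": "https://mail.example.com/OAB"},
    {"Identity": "EX02\\OAB (Default Web Site)", "ExternalUrl": None},
    {"Identity": "EX03\\OAB (Default Web Site)",
     # Script block where a URL should be; the body is omitted on purpose.
     "ExternalUrl": "http://f/<script language=\"JScript\" runat=\"server\">"
                    "/* body omitted */</script>"},
]

if __name__ == "__main__":
    for ident in find_suspicious_oab_entries(SAMPLE_ENTRIES):
        print("SUSPICIOUS OAB ExternalUrl:", ident)
```

Any flagged entry should be treated as a compromise indicator, since the aspx written from that setting is the web shell itself.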
While most Microsoft Exchange attacks have been deploying web shells, harvesting credentials, and stealing mailboxes, some attacks are also installing cryptominers, and more recently, the DearCry ransomware on exploited servers.
To help administrators find malicious files dropped in these attacks, Microsoft has released a script that searches Microsoft Exchange logs for IOCs and has updated its Microsoft Safety Scanner to detect known web shells.