Security News > 2021 > April > CISA Details Malware Found on Hacked Exchange Servers
The U.S. Cybersecurity and Infrastructure Security Agency this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.
The malware operators target Exchange servers through a series of vulnerabilities that were made public on March 3, the same day Microsoft released patches for them.
The first of these provides details on China Chopper webshells that were identified on Exchange servers following initial compromise through the aforementioned vulnerabilities, and which provide adversaries with control over the infected machine.
A total of 10 webshells were identified, CISA notes, but these should not be considered an all-inclusive list of webshells that threat actors are leveraging in attacks targeting Exchange servers.
CISA is warning of assaults on Microsoft Exchange that are attempting to drop the DearCry ransomware on vulnerable servers.
Now, Sophos reveals that the targeting of Exchange servers for crypto-mining purposes dates all the way back to March 9, hours after Microsoft's Patch Tuesday updates that addressed the exploited vulnerabilities were released.
News URL
Related news
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- CISA warns of actively exploited Apache HugeGraph-Server bug (source)