CISA Details Malware Found on Hacked Exchange Servers (Security News, April 2021)

The U.S. Cybersecurity and Infrastructure Security Agency this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.
The malware operators target Exchange servers through a series of vulnerabilities that were made public on March 3, the same day Microsoft released patches for them.
The first of these provides details on China Chopper webshells that were identified on Exchange servers following initial compromise through the aforementioned vulnerabilities, and which provide adversaries with control over the infected machine.
A total of 10 webshells were identified, CISA notes, but these should not be considered an all-inclusive list of webshells that threat actors are leveraging in attacks targeting Exchange servers.
CISA is warning of assaults on Microsoft Exchange that are attempting to drop the DearCry ransomware on vulnerable servers.
Now, Sophos reveals that the targeting of Exchange servers for crypto-mining purposes dates all the way back to March 9, hours after Microsoft's Patch Tuesday updates that addressed the exploited vulnerabilities were released.