Security News > 2021 > August > Hackers now backdoor Microsoft Exchange using ProxyShell exploits
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.
ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.
Last week, Orange Tsai gave a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service attack surface.
Security researcher Kevin Beaumont began seeing threat actors scan for Microsoft Exchange servers vulnerable to ProxyShell.
Today, Beaumont and NCC Group's vulnerability researcher Rich Warren disclosed that threat actors have exploited their Microsoft Exchange honeypots using the ProxyShell vulnerability.
Last week, Jang explained to BleepingComputer that 265KB is the minimum files size that can be created using the ProxyShell exploit due to its abuse of the Mailbox Export function of Exchange Powershell to create PST files.
News URL
Related news
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)