Security News > 2021 > September > Conti ransomware now hacking Exchange servers with ProxyShell exploits
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.
ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities that allow unauthenticated, remote code execution on unpatched vulnerable servers.
We have seen threat actors using the ProxyShell vulnerabilities to drop webshells, backdoors, and to deploy the LockFile ransomware.
After analyzing the attack, Sophos discovered that the threat actors initially compromised the network using the recently disclosed Microsoft Exchange ProxyShell vulnerabilities.
"Within 48 hours of gaining that initial access, the attackers had exfiltrated about 1 Terabyte of data. After five days had passed, they deployed the Conti ransomware to every machine on the network, specifically targeting individual network shares on each computer," explained Sophos in their report.
Without a doubt, the ProxyShell vulnerabilities are being used by a wide range of threat actors at this time, and all Microsoft Exchange server admins need to apply the most recent cumulative updates to stay protected.
News URL
Related news
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- BT unit took servers offline after Black Basta ransomware breach (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)