Conti ransomware now hacking Exchange servers with ProxyShell exploits
Security News, September 2021
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.
ProxyShell is the name of an exploit that chains three Microsoft Exchange vulnerabilities to allow unauthenticated remote code execution on unpatched servers.
We have seen threat actors using the ProxyShell vulnerabilities to drop webshells and backdoors and to deploy the LockFile ransomware.
After analyzing the attack, Sophos discovered that the threat actors initially compromised the network using the recently disclosed Microsoft Exchange ProxyShell vulnerabilities.
"Within 48 hours of gaining that initial access, the attackers had exfiltrated about 1 Terabyte of data. After five days had passed, they deployed the Conti ransomware to every machine on the network, specifically targeting individual network shares on each computer," explained Sophos in their report.
Without a doubt, the ProxyShell vulnerabilities are being used by a wide range of threat actors at this time, and all Microsoft Exchange server admins need to apply the most recent cumulative updates to stay protected.