Microsoft Exchange bug abused to hack building automation systems
2022-06-27 15:39

A Chinese-speaking threat actor has hacked into the building automation systems of several Asian organizations to backdoor their networks and gain access to more secured areas.

The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon.

After breaching engineering computers within their targets' building automation system, the Chinese attackers could compromise other parts of the victims' infrastructure, including but not limited to their information security systems.

"Building automation systems are rare targets for advanced threat actors," said Kaspersky ICS CERT security expert Kirill Kruglov.

While analyzing the attacks, the researchers also found links to another Chinese APT group, tracked by Microsoft as Hafnium, known to have also used Exchange ProxyLogon exploits.

"We strongly believe that those systems themselves could be a valuable source of highly confidential information. Additionally, we believe there is a chance that they also provide attackers with a backdoor to other, more strictly secured, infrastructure," the report reads.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-exchange-bug-abused-to-hack-building-automation-systems/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Remote Code Execution Vulnerability | network, low complexity, microsoft, CWE-918, critical, 9.1 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774