Microsoft Exchange bug abused to hack building automation systems
A Chinese-speaking threat actor has hacked into the building automation systems of several Asian organizations to backdoor their networks and gain access to more tightly secured areas within them.
The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon.
After breaching engineering computers within their targets' building automation system, the Chinese attackers could compromise other parts of the victims' infrastructure, including but not limited to their information security systems.
"Building automation systems are rare targets for advanced threat actors," said Kaspersky ICS CERT security expert Kirill Kruglov.
While analyzing the attacks, the researchers also found links to another Chinese APT group, tracked by Microsoft as Hafnium, known to have also used Exchange ProxyLogon exploits.
"We strongly believe that those systems themselves could be a valuable source of highly confidential information. Additionally, we believe there is a chance that they also provide attackers with a backdoor to other, more strictly secured, infrastructure," the report reads.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |