Security News > 2022 > October > State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally.

"These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration," the Microsoft Threat Intelligence Center said in a Friday report.

The weaponization of the vulnerabilities is expected to ramp up in the coming days, Microsoft further warned, as malicious actors co-opt the exploits into their toolkits, including deploying ransomware, due to the "Highly privileged access Exchange systems confer onto an attacker."

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency added the two Microsoft Exchange Server zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the patches by October 21, 2022.

"Microsoft Exchange is a juicy target for threat actors to exploit for two primary reasons," Travis Smith, vice president of malware threat research at Qualys, told The Hacker News.

"First, Exchange being directly connected to the internet creates an attack surface which is accessible from anywhere in the world, drastically increasing its risk of being attacked. Secondly, Exchange is a mission critical function - organizations can't just unplug or turn off email without severely impacting their business in a negative way."

News URL

https://thehackernews.com/2022/10/state-sponsored-hackers-likely.html