In August 2022, hackers launched a limited wave of attacks that targeted at least 10 organizations around the world.
There are two newly disclosed zero-day vulnerabilities being exploited by the hackers in these attacks in order to gain access to and compromise Exchange servers in these attacks.
Chopper web shell was installed during these attacks in order to make hands-on keyboard access more convenient. Attackers utilize this technique to gain access to Active Directory in order to perform reconnaissance and exfiltration of data.
As a result of these wild exploits, it is likely that these vulnerabilities will be weaponized further in the coming days due to the growing trend toward weaponizing them.
Here below we have mentioned the two 0-Day flaws exploited by the hackers in the wild to attack 10 organizations:-
The combination of these two zero-day vulnerabilities together has been named “ProxyNotShell.” The exploitation of these vulnerabilities is possible by using a standard account with a standard authentication process.
In many different ways, it is possible to acquire the credentials of standard users. While the GTSC, a Vietnamese cybersecurity company, was the first to discover the vulnerabilities that have been exploited.
It is suspected that these intrusions were carried out by a Chinese threat actor.
No action is required on the part of Microsoft Exchange Online customers. Microsoft recommended reviewing the URL Rewriting Instructions for Microsoft Exchange customers using on-premises Exchange and also recommended users implement them immediately.
If you are a Microsoft Exchange Server user using Microsoft 365 Defender, then you have to follow the following checklist provided by Microsoft:-
While as additional prevention measures they also recommended users to:-
Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed by…
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its…
A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper…
A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable…
Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for…
A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused…