Microsoft Exchange 0-Days exploited by state-sponsored hackers against ten organisations
Published on Oct 04, 2022
Microsoft announced on Friday that a single activity group gained initial access to Exchange servers in August 2022 by chaining the two newly disclosed zero-day vulnerabilities, in a limited set of attacks aimed at no more than ten organisations worldwide.
“These attacks installed the Chopper web shell to enable hands-on keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration,” wrote the Microsoft Threat Intelligence Center (MSTIC).
Because Exchange systems confer highly privileged access on an attacker, Microsoft expects weaponisation of the vulnerabilities to ramp up in the coming days as malicious actors co-opt the exploits into their toolkits, including for the deployment of ransomware.
The tech giant has attributed the ongoing attacks with medium confidence to state-sponsored entities, stating that it has been investigating them since September 8-9, 2022, when the Zero Day Initiative disclosed the flaws to the Microsoft Security Response Center (MSRC).
The two vulnerabilities have been collectively dubbed ProxyNotShell because they share the same path and SSRF/RCE pair as ProxyShell, but require authentication.