News/Tech News

Microsoft Exchange 0-Days exploited by state-sponsored hackers against ten organisations

Published on Oct 04, 2022

The company announced on Friday that a single activity group, in August 2022, gained initial access to Exchange servers by chaining the two newly disclosed zero-day vulnerabilities in a limited set of attacks aimed at no more than ten organisations worldwide.

“These attacks installed the Chopper web shell to enable hands-on keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration,” wrote the Microsoft Threat Intelligence Center (MSTIC).

As a result of the highly privileged access Exchange systems confer on attackers, Microsoft expects weaponisation of the vulnerabilities to ramp up in the coming days as malicious actors co-opt the exploits into their toolkits, including the deployment of ransomware.

As a result of the ongoing attacks, the tech giant has attributed them with medium confidence to state-sponsored entities, stating that it has been investigating these attacks since September 8-9, 2022 when the Zero Day Initiative disclosed the flaws to Microsoft Security Response Center (MSRC).

There has been a collective term given to these two vulnerabilities, called ProxyNotShell, due to the fact that they share the same path and SSRF/RCE pair as ProxyShell, but with authentication.

Tech News


GraalVM Native Image Support in JUnit 5.9

A number of bugs have been fixed in JUnit 5.9, and a number of new features have been introduced, such as the ability to keep…


C/CPP deprecated in favor of Rust?

Originally released in March 2022, Spring Boot Migrator (SBM) was an experimental Spring project…

Our Latest Blog

Unlock Your Potential with a Level 5 Diploma in Business London's Top Courses img

Unlock Your Potential with a Level 5 Diploma in Business: London’s Top Courses

Are you looking to enhance your knowledge and skills in the field of business? Do...
Read More
Unlock Your Potential with Level 4 Diploma in Business Courses in London img

Unlock Your Potential with Level 4 Diploma in Business Courses in London

Are you looking for a comprehensive course to take your business career to the next...
Read More

Follow Us


Browse LSET presentations to understand interesting…

Explore Now

Get complete guides to empower yourself academically…

Explore Now

Learn about information technology and business…

Explore Now