May 22, 2024 at 03:50AM
Unknown threat actors are exploiting security flaws in Microsoft Exchange Server to deploy a keylogger malware targeting African and Middle Eastern entities. Russian cybersecurity firm Positive Technologies identified over 30 victims, including government agencies, banks, and IT companies, with the first compromise dating back to 2021. The attack chains commence with the exploitation of ProxyShell flaws and organizations are urged to update their Exchange Server instances.
From the meeting notes:
– A Russian cybersecurity firm, Positive Technologies, has reported on the exploitation of known security flaws in Microsoft Exchange Server by an unknown threat actor. This includes the deployment of a keylogger malware targeting entities in Africa and the Middle East.
– Over 30 victims across government agencies, banks, IT companies, and educational institutions have been identified, with the first compromise dating back to 2021.
– The attack chains commence with the exploitation of ProxyShell flaws originally patched by Microsoft in May 2021, followed by the addition of the keylogger to the server main page and the injection of code capturing credentials.
– Positive Technologies notes that organizations are urged to update their Microsoft Exchange Server instances to the latest version and look for potential signs of compromise on the server’s main page.
Additionally, it’s advised to identify and delete the file where stolen account data is stored if a server has been compromised.
These are the key takeaways from the meeting notes. Please let me know if there’s anything else you would like to highlight or discuss from this information.