Microsoft Exchange servers around the world are still getting compromised via ProxyLogon (CVE-2021-26855) and the three other vulnerabilities Microsoft patched in early March.

While Microsoft attributed the initial attacks to a threat actor dubbed Hafnium, believed to be a state-sponsored group operating from China, the same exploits were subsequently used by at least ten APT groups, mostly for data theft, espionage and covert crypto-mining.

Security researchers had warned that ransomware gangs would jump on the bandwagon and, sure enough, a group deploying a new ransomware called DearCry (aka DoejoCrypt) was spotted exploiting the vulnerabilities to install the human-operated malware.

Microsoft observed a new family of human-operated ransomware attacking customers, detected as Ransom:Win32/DoejoCrypt.A, and confirmed that these human-operated ransomware attacks are using the Microsoft Exchange vulnerabilities to compromise customers.

The source of the Microsoft Exchange exploit is still unknown

ESET researchers say that multiple APTs besides Hafnium had access to and used the same or a similar exploit, some even before the patch was released, and that additional APTs began using it a day after the patch release, which makes it unlikely that they built an exploit by reverse engineering the Microsoft updates.

How these various attack groups all started to use the same exploit at nearly the same time is still a mystery.
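Because the exploits are still being used weeks after the patch, the first question for anyone running Exchange is whether their server was already hit. The check below is an added example, not code from the original post or from Microsoft; it implements the indicator Microsoft published with the March patches for CVE-2021-26855: rows in the Exchange HttpProxy logs (under %PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\HttpProxy) whose AnchorMailbox matches ServerInfo~*/* with an empty AuthenticatedUser, or whose BackEndCookie matches Server~*/*~*. The log lines embedded in the script are constructed for illustration, and the exact column set and the handling of both "#Fields:" and bare CSV headers are assumptions about the log layout; the real files carry many more columns.

```python
"""Triage Exchange HttpProxy logs for CVE-2021-26855 (ProxyLogon) indicators.

Added example (not from the original post). Run it against a copy of the
HttpProxy log directory, e.g.  python proxylogon_triage.py ./HttpProxy
"""
import csv
import fnmatch
import sys
from pathlib import Path
from typing import Dict, List

# Constructed sample log (not a real capture). Rows 1-2 are what the SSRF
# leaves behind: an unauthenticated request whose anchor mailbox points at
# a backend URL. Row 3 is a normal authenticated OWA logon. Row 4 shows why
# the empty-AuthenticatedUser condition matters: the ServerInfo~ anchor
# alone is not an indicator when a real user is attached to the request.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
#Fields: DateTime,ClientIpAddress,UrlStem,AnchorMailbox,AuthenticatedUser,BackEndCookie
2021-03-05T10:12:01.123Z,203.0.113.7,/owa/auth/x.js,ServerInfo~a]@exch01.corp.example/autodiscover/autodiscover.xml,,
2021-03-05T10:12:02.456Z,203.0.113.7,/ecp/y.js,ServerInfo~a]@exch01.corp.example/mapi/emsmdb,,Server~exch01.corp.example/ecp~abc123
2021-03-05T10:13:15.000Z,192.0.2.44,/owa/,Sid~S-1-5-21-1-2-3-1104,CORP\\alice,
2021-03-05T10:14:00.000Z,192.0.2.45,/ecp/,ServerInfo~exch01.corp.example/ecp,CORP\\admin,
"""


def parse_httpproxy_log(text: str) -> List[Dict[str, str]]:
    """Parse one HttpProxy log file into row dicts.

    Assumption: the file is CSV, optionally preceded by '#' comment lines.
    Column names come from a '#Fields:' line when present, otherwise from
    the first non-comment line.
    """
    fields = None
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        values = next(csv.reader([line]))
        if fields is None:          # bare CSV header, no '#Fields:' line
            fields = values
            continue
        rows.append(dict(zip(fields, values)))
    return rows


def is_proxylogon_hit(row: Dict[str, str]) -> bool:
    """True if the row matches either indicator Microsoft published for
    CVE-2021-26855: unauthenticated ServerInfo~*/* anchor, or a forged
    Server~*/*~* backend cookie."""
    anchor = row.get("AnchorMailbox", "")
    user = row.get("AuthenticatedUser", "")
    cookie = row.get("BackEndCookie", "")
    if fnmatch.fnmatchcase(anchor, "ServerInfo~*/*") and user == "":
        return True
    return fnmatch.fnmatchcase(cookie, "Server~*/*~*")


def find_hits(text: str) -> List[Dict[str, str]]:
    """Return only the suspicious rows from one log file's contents."""
    return [r for r in parse_httpproxy_log(text) if is_proxylogon_hit(r)]


def triage_directory(log_dir: Path) -> List[Dict[str, str]]:
    """Scan every *.log file under log_dir, tagging hits with the file name."""
    hits = []
    for path in sorted(log_dir.rglob("*.log")):
        for row in find_hits(path.read_text(encoding="utf-8", errors="replace")):
            row["_file"] = path.name
            hits.append(row)
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = triage_directory(Path(target)) if target else find_hits(SAMPLE_LOG)
    for h in hits:
        print(h.get("_file", "sample"), h.get("DateTime"), h.get("ClientIpAddress"),
              h.get("UrlStem"), h.get("AnchorMailbox"), h.get("BackEndCookie"))
    print(f"{len(hits)} suspicious request(s)")
```

Microsoft's own guidance does the same thing as a PowerShell Import-Csv pipeline over that directory; this version is meant for log copies pulled off the box during triage. Treat a clean result as weak evidence only: the indicator covers the SSRF (CVE-2021-26855), not the three other bugs chained after it, logs rotate, and an intruder with a web shell can edit them. A hit means the server should be assumed compromised, and the DoejoCrypt detection named above is the payload stage, not the initial access.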