Our investigation focused on an email server running Microsoft Exchange version 2019. At the time of our analysis in March 2021, a U.S. government agency had scanned the client's Exchange server and identified a file that matched a signature for the attack framework, Cobalt Strike. It is estimated that more than 30,000 US organisations have been affected by the exploitation of these security flaws by various threat groups. Operators behind the Lemon Duck malware targeted unpatched Exchange servers to mine cryptocurrency. The exploitation of these vulnerabilities became a new vector for ransomware campaigns including Black Kingdom and DearCry. The public nature of these vulnerabilities meant that the longer organisations delayed patching, the more backdoors could potentially be installed by different threat groups.