The threat actors use exploit code that sends well-crafted HTTP requests to vulnerable Exchange servers. The attackers’ goal could be to exfiltrate large amounts of sensitive data through their leased virtual private servers (VPS).

Considering the range of organizations attacked in a short period and the vast number of organizations using Microsoft Exchange servers, the attackers have a wide variety of potential targets across the globe. The victims could also include research organizations, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs.

These threat actors target organizations across sectors in the Americas, Europe, Middle East, and APAC. This raises severe concerns about the risk of data loss and interruptions in business operations for many organizations worldwide. Recently, DearCry (.CRYPT) ransomware operators also began taking advantage of these vulnerabilities to perform unauthorized data encryption on compromised Microsoft Exchange servers. Threat actors behind the breaches in these two organizations managed to exfiltrate data onto the attacker-controlled virtual private servers (VPS). Approximately 7,000 organizations worldwide are impacted by the ongoing cyber-attacks on these servers.

The European Banking Authority (EBA) and the Norwegian Parliament are two high-profile victims among them.

These threat actors managed to compromise nearly 30,000 Microsoft Exchange servers located within the United States. Multiple threat actors, including Hafnium, LuckyMouse, Calypso, Winnti, Bronze Butler, Websiic, Tonto, Mikroceen, and DLTMiner, are actively targeting four zero-day Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in their targeted malware attacks and hacking campaigns.