Conti ransomware affiliates hit Exchange Servers with ProxyShell exploits

Hack Read -

According to researchers, threat actors including Conti ransomware affiliates are exploiting 3 unpatched vulnerabilities that allow unauthenticated, remote code execution on MS Exchange Servers.

In late August 2021, it was reported that threat actors were targeting unpatched Microsoft Exchange Servers using ProxyShell exploits. Now, according to independent findings from researchers at Sophos Labs and FireEye’s Mandiant research teams, threat actors, including affiliates of the Conti ransomware gang, are attempting to compromise Microsoft Exchange Servers and breach corporate networks by exploiting the recently disclosed ProxyShell vulnerabilities.

Reportedly, threat actors have been exploiting these flaws for several weeks now.

Hackers Exploiting Three CVEs

Mandiant researchers noted that the gang exploited three chained vulnerabilities and exposures (CVEs) tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities allow unauthenticated, remote code execution on MS Exchange Servers that remain unpatched.

The vulnerabilities collectively make up ProxyShell, and attackers use them to upload web shells to their target networks to gain initial access. Later, it

The article Conti ransomware affiliates hit Exchange Servers with ProxyShell exploits originally appeared on Hack Read.
