Webshells Observed in Post-Compromised Exchange Servers

Original release date: March 25, 2021

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each new MAR (AR21-084A and AR21-084B) identifies a webshell observed in post-compromised Microsoft Exchange Servers. After successful exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.

CISA has also updated seven previously released MARs. The updated MARs now include CISA-developed YARA rules to help network defenders detect associated malware.

CISA encourages users and administrators to review the following resources for more information:

CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
MAR-10328877-1.v1: China Chopper Webshell
MAR-10328923-1.v1: China Chopper Webshell
MAR-10329107-1.v1: China Chopper Webshell
MAR-10329297-1.v1: China Chopper Webshell
MAR-10329298-1.v1: China Chopper Webshell
MAR-10329301-1.v1: China Chopper Webshell
MAR-10329494-1.v1: China Chopper Webshell
MAR-10329499-1.v1: China Chopper Webshell
MAR-10329496-1.v1: China Chopper Webshell
CISA web page Remediating Microsoft Exchange Vulnerabilities
CISA web page Ransomware Guidance and Resources

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin

Next OpenSSL Releases Security Update »

Previous « Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

This website uses cookies.

Webshells Observed in Post-Compromised Exchange Servers

Recent Posts

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog