Hackers target Microsoft Exchange servers in internal reply-chain attacks


By MYBRANDBOOK


Hackers target Microsoft Exchange servers in internal reply-chain attacks

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.

 

As a way to trick corporate targets into opening malicious attachments, the threat actor exploits Microsoft Exchange servers using the ProxyShell and ProxyLogon vulnerabilities.

 

The actors behind this attack are believed to be 'TR', a known threat actor who distribute emails with malicious attachments that drop malware, including Qbot, IcedID, Cobalt Strike, and SquirrelWaffle payloads.

 

The threat actors use these compromised Exchange servers to reply to the company's internal emails in reply-chain attacks containing links to malicious documents that install various malware.

 

As these emails originate from the same internal network and appear to be a continuation of a previous discussion between two employees, it leads to a greater degree of trust that the email is legitimate and safe.

 

Not only is this effective against the human recipients, but it’s also excellent for not raising any alarms on the email protection systems used in the target firm.

 E-Magazine 

Copyright www.mybrandbook.co.in @1999-2021 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org