On Monday, Microsoft Security Response Center tweeted that "92% of worldwide Exchange internet protocols (IPs) were now patched or mitigated." But the recent scan by Kryptos Logic shows a significant number of organizations may be infected with backdoors. Though Microsoft released patches and recommended that customers apply the updates to affected systems immediately, a wide scope of victims was still impacted, and web shells can give threat actors access to Exchange servers even after they've been patched.
The attackers placed web shells inside victims' networks to be used as backdoors. On March 2, Microsoft reported that a Chinese APT group known as Hafnium exploited the four zero-day vulnerabilities to attack on-premises versions of its Exchange email servers. "Please patch and run Microsoft's MSERT tool to clean up any webshells," Kryptos Logic wrote on Twitter. The company said on Twitter that it scanned 250,000 unique IP addresses and found 29,796 vulnerable Exchange servers, along with 97,827 shells across 15,150 IP addresses. Threat intelligence vendor Kryptos Logic said Tuesday that it found nearly 100,000 active web shells during internet scans of ProxyLogon, the most serious of four vulnerabilities in Microsoft's Exchange Server software disclosed earlier this month.
0 kommentar(er)
