By James Scout / Oct 2, 2022
Microsoft revealed on Friday that a single activity group in August 2022 breached Exchange servers by chaining the two recently disclosed zero-day flaws in a constrained set of attacks targeted at fewer than ten global organizations.
According to a report released on Friday by the Microsoft Threat Intelligence Center (MSTIC), "these attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration."
Microsoft further stated that due to the "highly privileged access Exchange systems confer upon an attacker," the weaponization of the vulnerabilities is anticipated to increase over the next few days as malicious actors incorporate the exploits into their toolkits.
– Microsoft Exchange Server Server-Side Request Forgery Vulnerability (CVE-2022-41040)
– Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)