By James Scout/ Oct 2, 2022

State-Sponsored Hackers Likely Targeted 10 Organizations With M.S. Exchange 0-Day Exploits

Microsoft revealed on Friday that a single activity group in August 2022 breached Exchange servers by chaining the two recently disclosed zero-day flaws in a constrained set of attacks targeted at fewer than ten global organizations.

M.S. Exchange  Hacked

According to a report released on Friday by the Microsoft Threat Intelligence Center (MSTIC), "these attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory reconnaissance and data exfiltration."

M.S. Exchange  Hacked

Microsoft further stated that due to the "highly privileged access Exchange systems confer upon an attacker," the weaponization of the vulnerabilities is anticipated to increase over the next few days as malicious actors incorporate the exploits into their toolkits,

M.S. Exchange  Hacked

– Microsoft Exchange Server Server-Side Request Forgery Vulnerability (CVE-2022-41040) – Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)

M.S. Exchange  Hacked

More Stories

Own an Outdated Echo Dot? For Free, Eero Wants to Transform it Into a Mesh Wi-Fi Extender

The Halo Rise Sleep Sensing Device and Sunrise Alarm Clock are Now Available on Amazon

Second-Generation Wearable Technology (AR) Glasses From Magic Leap are Currently Available on The Market