Detection and response for the actively exploited ProxyShell vulnerabilities

La semaine dernière, Elastic Security a observé l'exploitation de vulnérabilités de Microsoft Exchange associées à ProxyShell. Consultez l'article pour connaître les derniers détails publiés sur cette activité.

Détection et réponse aux vulnérabilités ProxyShell activement exploitées

On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities (CVE-2021-31207, CVE-2021-34473, CVE-2021-34523). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks. Security vendors and researchers are also observing these attacks tied to post-exploitation behavior such as deploying ransomware to victim environments.

Elastic Security identified indicators of compromise (IoCs) indicating similar activity as reported by the industry. The details of this activity can be found in our Discuss forum, highlighting our perspective of what we have observed in our own telemetry.

Please visit the Discuss forum for full details on our identified IoCs.

Partager cet article