Daniel StepanicAndrew Pease

Detection and response for the actively exploited ProxyShell vulnerabilities

先週、Elasticセキュリティは、ProxyShellに関連するMicrosoft Exchangeの脆弱性の悪用を確認しました。 このアクティビティについて新しくリリースされた詳細については、投稿を確認してください。

1分で読めますセキュリティ調査
活発に悪用されたProxyShellの脆弱性の検出と対応

On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities (CVE-2021-31207, CVE-2021-34473, CVE-2021-34523). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks. Security vendors and researchers are also observing these attacks tied to post-exploitation behavior such as deploying ransomware to victim environments.

Elastic Security identified indicators of compromise (IoCs) indicating similar activity as reported by the industry. The details of this activity can be found in our Discuss forum, highlighting our perspective of what we have observed in our own telemetry.

Please visit the Discuss forum for full details on our identified IoCs.

この記事を共有する