Daniel StepanicAndrew Pease

Detection and response for the actively exploited ProxyShell vulnerabilities

Na semana passada, a Elastic Security observou a exploração de vulnerabilidades do Microsoft Exchange associadas ao ProxyShell. Revise a postagem para encontrar detalhes recém-divulgados sobre esta atividade.

Detecção e resposta para vulnerabilidades ProxyShell exploradas ativamente

On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities (CVE-2021-31207, CVE-2021-34473, CVE-2021-34523). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks. Security vendors and researchers are also observing these attacks tied to post-exploitation behavior such as deploying ransomware to victim environments.

Elastic Security identified indicators of compromise (IoCs) indicating similar activity as reported by the industry. The details of this activity can be found in our Discuss forum, highlighting our perspective of what we have observed in our own telemetry.

Please visit the Discuss forum for full details on our identified IoCs.

Compartilhe este artigo