Officials update mitigation steps to include two new Malware Analysis Reports identifying Web shells seen in Exchange Server attacks.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today updated its guidance for ongoing Microsoft Exchange Server exploits to include two new Malware Analysis Reports (MARs).
Each of these reports, now included in CISA's full "Mitigate Microsoft Exchange Server Vulnerabilities" alert, identifies a Web shell seen in post-compromised Microsoft Exchange servers. CISA has also updated seven existing MARs to include YARA rules developed by CISA to help organizations detect the malware seen so far in these attacks.
All of the MARs shared so far focus on China Chopper, a Web shell commonly seen in the attacks. After exploiting an Exchange Server vulnerability to gain initial access, an attacker can use China Chopper to remotely execute operating system commands and conduct activities such as uploading and executing tools, pivoting to other systems, and exfiltrating data.
Prior to today, CISA had already updated its guidance to detail seven China Chopper Web shells; today's addition brings it to nine in total. Officials note this is not an all-inclusive list of the Web shells attackers are using.
Read more details here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024