Attackers have launched a campaign against Microsoft Exchange users, Bleeping Computer reports.
At the Black Hat conference, security specialist Orange Tsai presented a set of vulnerabilities known collectively as ProxyShell. Experts currently list three vulnerabilities under that name: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Malware creators scan the network for unprotected corporate systems and plant modified programs on them.
The attackers use a web shell on the service to download special software to a remotely accessible folder. Files are created on the Windows system partition at C:\Windows\System32 and in the root directory of Microsoft Exchange itself, the program used for exchanging messages and documents in a corporate environment. The malware authors also run a remote loader, ApplicationUpdate.exe, which launches the executable file ApplicationUpdate.exe every day at one o'clock in the morning.
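A defender can check a server for the artifacts described above. The following PowerShell is an added example, not code from the article or from Bleeping Computer. It assumes that the daily 01:00 launch is implemented as a Windows scheduled task (the article does not name the mechanism), that the session is elevated, and that the `ExchangeInstallPath` environment variable is defined on the server.

```powershell
# Added example: hunt on one server for the artifacts the article names.
# Assumption: elevated PowerShell session on the Exchange server being checked.
$indicator = 'ApplicationUpdate.exe'   # file name taken from the article

# 1. Scheduled tasks whose command line references the indicator.
#    Assumption: the daily 01:00 launch is a Windows scheduled task.
$taskHits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions have Execute/Arguments; other types give an empty string.
        $commandLine = "$($action.Execute) $($action.Arguments)".Trim()
        if ($commandLine -notlike "*$indicator*") { continue }

        # Flag tasks that have a daily trigger starting in the 01:00 hour.
        $dailyAtOne = $false
        foreach ($trigger in $task.Triggers) {
            $start = [datetime]::MinValue
            $isDaily = $trigger.CimClass.CimClassName -eq 'MSFT_TaskDailyTrigger'
            if ($isDaily -and [datetime]::TryParse($trigger.StartBoundary, [ref]$start)) {
                if ($start.Hour -eq 1) { $dailyAtOne = $true }
            }
        }
        [pscustomobject]@{
            TaskPath    = $task.TaskPath
            TaskName    = $task.TaskName
            Command     = $commandLine
            DailyAt0100 = $dailyAtOne
        }
    }
}

# 2. The named file in the two locations the article mentions.
#    Assumption: Exchange setup defined the ExchangeInstallPath environment variable.
$dirs = @(Join-Path $env:windir 'System32')
if ($env:ExchangeInstallPath) { $dirs += $env:ExchangeInstallPath }
$fileHits = foreach ($dir in $dirs) {
    $path = Join-Path $dir $indicator
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path       = $item.FullName
            CreatedUtc = $item.CreationTimeUtc
            SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

if ($taskHits) { $taskHits | Format-Table -AutoSize } else { 'No scheduled task references the indicator.' }
if ($fileHits) { $fileHits | Format-List } else { 'Indicator file not found in the checked directories.' }
```

The check covers only the file name and locations given in the article, so an empty result says nothing about other artifacts on the server.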
Experts say they know the intrusion methods and the web addresses that the unknown attackers use to break into the corporate networks of Microsoft customers. The authors note that users who do not update Microsoft Exchange are at risk. Experts therefore advise installing Microsoft's updates on your computers regularly.