The cybercriminals launched attacks on Microsoft Excange users. It is reported by the Bleeping Computer edition.
Security specialist Orange Tsai spoke about the vulnerabilities under the general name ProxyShell at the Black Hat conference. At the moment, experts mention three types of vulnerabilities called CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207. Malware creators scan the network for unprotected corporate systems and inject modified programs into them.
Attackers use the service's web shell to download special software to a remotely accessible folder. Documents are created in the Windows system partition at C: Windows System32 and in the root directory of the Microsoft Excange program itself, which is used to exchange messages and documents in a corporate environment. The virus creators also launch the ApplicationUpdate.exe remote loader, which opens the ApplicationUpdate.exe executable file at 1 am every day.
According to experts, they know not only hacking methods, but also the web addresses used by unknown persons to hack into corporate networks of Microsoft customers. The authors noticed that users who do not update Microsoft Excange are at risk. In this regard, experts advise to regularly install updates from Microsoft on their computers.
Earlier, security experts talked about the possibility of hacking computers through office equipment. The penetration of users' computers was carried out on the basis of a new version of Windows.
