Ransomware gang uses new Microsoft Exchange exploit to breach servers
#1
[Image: OWASSRF%20PoC%20exploit.png]

Quote: Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA).

Cybersecurity firm CrowdStrike spotted the exploit (dubbed OWASSRF) while investigating Play ransomware attacks where compromised Microsoft Exchange servers were used to infiltrate the victims' networks.

To execute arbitrary commands on compromised servers, the ransomware operators leveraged Remote PowerShell to abuse CVE-2022-41082, the same bug exploited by ProxyNotShell.

"In each case, CrowdStrike reviewed the relevant logs and determined there was no evidence of exploitation of CVE-2022-41040 for initial access," the researchers said.

"Instead, it appeared that corresponding requests were made directly through the Outlook Web Application (OWA) endpoint, indicating a previously undisclosed exploit method for Exchange."

While ProxyNotShell exploits target CVE-2022-41040, CrowdStrike found that the flaw abused by the newly discovered exploit is likely CVE-2022-41080, a security flaw Microsoft tagged as critical and not exploited in the wild that allows remote privilege escalation on Exchange servers.

Continue reading HERE