Around the beginning of August 2022, while providing security monitoring and incident response services, security researchers discovered an attack on a critical infrastructure, specifically on its Microsoft Exchange application. During the investigation, experts determined that the attack used an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability.
TAGS: 0-day, exchange, proxyshell
ATT&CK IDS: T1586.002 - Email Accounts, T1059.003 - Windows Command Shell, T1047 - Windows Management Instrumentation, T1505.003 - Web Shell, T1070.004 - File Deletion, T1036.005 - Match Legitimate Name or Location, T1003.001 - LSASS Memory, T1087 - Account Discovery, T1083 - File and Directory Discovery, T1057 - Process Discovery, T1049 - System Network Connections Discovery, T1570 - Lateral Tool Transfer, T1560.001 - Archive via Utility