ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America
Essential information
- Published: 05/07/2024 15:03
- Modified: 05/07/2024 16:21
- Tags: 2024-07-05 CVE-2021-31207 CVE-2021-34473 CVE-2021-34523 microsoft exchange powershell proxyshell python
- Related entities: 4 observables, 18 techniques (mitre), 4 others
Description
This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sensitive communications, targeting specific offices in Afghanistan, Laos, Georgia, and Argentina. The findings underscore the persistent threat posed by unpatched vulnerabilities and the adaptability of malicious actors in achieving their objectives.