CISA Adds Two Web Shells to Exchange Server Guidance

Published: 23/11/2024   Category: security




Officials update mitigation steps to include two new Malware Analysis Reports identifying Web shells seen in Exchange Server attacks.



The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today updated its guidance for ongoing Microsoft Exchange Server exploits to include two new Malware Analysis Reports (MARs).
Each of these reports, now included in CISA's full Mitigate Microsoft Exchange Server Vulnerabilities alert, identifies a Web shell seen in post-compromised Microsoft Exchange servers. CISA has also updated seven existing MARs to include YARA rules developed by CISA to help organizations detect the malware seen so far in these attacks.
All of the MARs shared so far focus on China Chopper, a Web shell commonly seen in the attacks. After exploiting an Exchange Server vulnerability to gain initial access, an attacker can use China Chopper to remotely execute operating system commands and conduct activities such as uploading and executing tools, pivoting to other systems, and exfiltrating data.
Prior to today, CISA had already updated its guidance to detail seven China Chopper Web shells; today's addition brings it to nine in total. Officials note this is not an all-inclusive list of the Web shells attackers are using.