Proxy Exploit Chains Used To Attack Exchange Servers

February 8, 2023

The ProxyLogon, ProxyShell, ProxyNotShell, and OWASSRF exploit chains were used to attack Microsoft Exchange servers across a range of sectors including real estate, law firms, manufacturing, consulting, wholesale, and arts and entertainment. Exploitation of the flaws resulted in systems infected with web shells, ransomware, remote access tools, and backdoors. Multiple legitimate Windows binaries were used to carry out the attacks including PowerShell, Rundll32, Ping, and Net.

Featured Resources

View More Resources

blog

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Idan Sherman, Security Researcher Executive summary The "Shai-Hulud" supply chain campaign has returned, striking harder and smarter than before. This

blog

Top 5 Must-Have Features in an Exposure Management Platform

Security teams are under growing pressure to reduce risk faster and prove resilience continuously. Attack surfaces expand with every new

Solution Brief

Continuous Wiz Validation and Optimization

Make CTEM actionable with continuous threat validation that proves and improves your real-world resilience.

Proxy Exploit Chains Used To Attack Exchange Servers

Featured Resources

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Top 5 Must-Have Features in an Exposure Management Platform

<img width="169" height="102" src="https://cymulate.com/uploaded-files/2023/08/Wiz-Defend_Certified-Integration-1.svg" alt="" class="kb-img wp-image-31752"/> Continuous Wiz Validation and Optimization

Continuous Wiz Validation and Optimization