Compromised Microsoft Exchange servers lend legitimacy to malicious Reply All chain


A recent investigation of a SquirrelWaffle malware campaign by cybersecurity experts has revealed the use of compromised Microsoft Exchange servers that were attacked using a series of both ProxyLogon and ProxyShell exploits.


The strategy was discovered by researchers at Trend Micro, who found that attackers used the two popular vulnerabilities to break into on-premises Microsoft Exchange servers to legitimize their malicious messages.

The threat actors then used these compromised Exchange servers to respond to the company's internal emails in a classic reply-all email chain attack, inserting malicious links into legitimate email chains to install malware.


“In the same intrusion, we analyzed email headers for malicious emails received, the mail path was internal (between mailboxes of three internal Exchange servers), indicating that the emails did not originate from an external sender, open mail relay, or any message transfer agent (MTA),” notes Trend Micro.

Server hijack

In addition to appearing as a continuation of an ongoing discussion, the malicious emails now originated from within the organization's own email server, giving the spam emails far more legitimacy.

In addition, the researchers noted that distributing malicious content through the compromised internal email servers also sidesteps network-level security controls, as these will not block internal communication.

“More specifically, the correct account names from the victim’s domain were used as sender and recipient, which increases the likelihood that the recipient will click on the link and open the malicious Microsoft Excel spreadsheet,” observe the researchers.

These fake reply-all emails lead to malicious Microsoft Word or Excel files that will then trick the recipient into enabling the execution of macros that will pull and install the SquirrelWaffle malware.
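Because these replies never cross the perimeter, one defensive option is to triage internal mail on the same traits the researchers describe. The sketch below is an added example, not Trend Micro's tooling: it flags a message whose Received path is internal-only, that is a reply, and that carries an external link or Office file. The `.corp.example` suffix, the flagging rule and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

INTERNAL_SUFFIX = ".corp.example"  # assumption: the organization's internal DNS suffix
OFFICE_EXT = (".doc", ".docm", ".xls", ".xlsm", ".xlsb")
HOP_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def internal_only(msg):
    """True when every host named in the Received headers is internal."""
    hosts = [h.lower().rstrip(".")
             for value in msg.get_all("Received", [])
             for h in HOP_RE.findall(value)]
    return bool(hosts) and all(h.endswith(INTERNAL_SUFFIX) for h in hosts)

def triage(raw):
    """Flag internal-path replies that carry an external link or Office file."""
    msg = message_from_string(raw)
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    links, files = [], []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            files.append(name)
        if part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            links += [u for u in URL_RE.findall(body)
                      if not (urlparse(u).hostname or "").endswith(INTERNAL_SUFFIX)]
    internal = internal_only(msg)
    return {"internal_only": internal, "is_reply": is_reply,
            "external_links": links, "office_files": files,
            "review": internal and is_reply and bool(links or files)}

# Constructed samples: an internal-only reply, then the same text with one external hop.
HIJACKED = """\
Received: from mbx3.corp.example (10.0.0.13) by mbx2.corp.example (10.0.0.12)
Received: from mbx2.corp.example (10.0.0.12) by mbx1.corp.example (10.0.0.11)
From: alice@corp.example
To: bob@corp.example
Subject: RE: Q3 invoice
In-Reply-To: <constructed-1@corp.example>

Please see the attached document: http://files.example.net/constructed-link
"""
EXTERNAL = HIJACKED.replace("from mbx3.corp.example", "from mail.example.org")

if __name__ == "__main__":
    print(triage(HIJACKED)["review"], triage(EXTERNAL)["review"])
```

A flagged message is a candidate for the same link and attachment scanning applied to inbound mail, not a verdict, since ordinary internal replies can match these traits too.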
