Last Updated April 2, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on active exploitation of vulnerabilities in Microsoft Exchange Server products. These vulnerabilities are used by the Hafnium attack group, in China Chopper web shell attacks, and by other advanced persistent threats.
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.
After successful exploitation, attackers can gain access to email accounts and install additional malware or scanning tools to persist on the network.
Note: Exchange Online is not affected.
The following CVEs allow for remote code execution.
If any exploit attempts are observed with lateral movement activities, Netsurion’s EventTracker SOC recommends the following actions.
Recommended mitigation steps by CISA:
(Updated March 4, 2021): Disconnect vulnerable Exchange servers from the internet until a patch can be applied.
Existing P1 Alerts:
Indicators of Compromise
EventTracker SOC | EventTracker Enterprise SOC