CISA has added seven Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successful exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actors can upload a webshell to enable remote administration of the affected system.
In addition to the MARs, CISA added information on ransomware activity associated with exploitation of the Exchange Server products, including DearCry ransomware.
CISA encourages users and administrators to review the following resources for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.