ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America
July 5, 2024, 4:21 p.m.
Tags
External References
Description
This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sensitive communications, targeting specific offices in Afghanistan, Laos, Georgia, and Argentina. The findings underscore the persistent threat posed by unpatched vulnerabilities and the adaptability of malicious actors in achieving their objectives.
Date
Published: July 5, 2024, 3:03 p.m.
Created: July 5, 2024, 3:03 p.m.
Modified: July 5, 2024, 4:21 p.m.
Indicators
f527ea33f22293d99a5687fc13595c84830d6f2c52add1f08e49fbf607458251
934e9336d45771a74de544be31e3dc8ec624891c5fc95a36d9ec124b39c4e5c7
016344d35f6f217f9f8b483dacb8154b45139355bcc45a3f94910351b5df42b5
4ad4d5edd434f8269cdf5511667364962dff7f2535ae13cd8102c6acde061a19
Attack Patterns
T1009
T1585
T1537
T1550
T1064
T1567
T1213
T1114
T1087
T1082
T1083
T1071
T1020
T1040
T1053
T1190
T1078
T1059
Additional Information
Government
Georgia
Lao People's Democratic Republic
Argentina