Tag: microsoft exchange

2 Attack Reports | 0 Vulnerabilities

Attack reports

Advanced Cyberattacks Against UAE and Gulf Regions

Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
cyber espionage
credential theft
oilrig
CVE-2024-30088
privilege escalation
microsoft exchange
2024-10-14
apt34
stealhook
iis malware
gulf region
uae
Published: October 14, 2024
Downloadable IOCs: 17

ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…
python
powershell
CVE-2021-34473
2024-07-05
proxyshell
CVE-2021-31207
CVE-2021-34523
microsoft exchange
Published: July 5, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports