The Chinese APT group Salt Typhoon continues to exploit a critical vulnerability in Microsoft Exchange Server, despite a patch having been available for almost four years. A staggering 91% of at-risk Exchange servers remain unpatched, leaving them exposed to exploitation. This neglect gives the attackers initial access to networks, enabling lateral movement and data exfiltration, and potentially leading to data breaches and further system compromise. The vulnerability, known as ProxyLogon (CVE-2021-26855), has been a long-term target: Microsoft first disclosed it in March 2021, warning that it was being used to achieve remote code execution.
Salt Typhoon maintains a stealthy presence on victim networks, using custom malware such as GhostSpider, SnappyBee, and the Masol remote access trojan to establish persistence. The group targets well-known vulnerabilities for initial access, and its methods include using the Demodex rootkit to remain hidden. Despite repeated warnings from law enforcement and private-sector security firms, the vast majority of public-facing Microsoft Exchange Server instances remain unpatched. The continued exploitation of this flaw highlights the ongoing challenge of patching critical systems and ensuring that organizations apply available security updates.