Software giant Microsoft has released a PowerShell script that can be used to check whether a Microsoft Exchange server has been compromised through the recently disclosed ProxyLogon flaws.
Last week, Microsoft issued out-of-band emergency security updates to patch four zero-day flaws actively used in attacks against Microsoft Exchange. Tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, these flaws are known as ‘ProxyLogon’ and let the hackers carry out remote code execution on publicly exposed Microsoft Exchange servers using Outlook on the web (OWA).
As part of these attacks, the hackers installed web shells that let them control the server and access the internal network.
A Chinese state-sponsored hacking group known as HAFNIUM is being held responsible for carrying out these attacks.
A few days ago, Microsoft disclosed new malware families linked to the hackers responsible for the compromise of SolarWinds. The company believes the group behind the hack is Nobelium, a group of Russian state-sponsored cyber-attackers.