Heimdal

Microsoft is once again confronted with reports of a new zero-day vulnerability being used to hack Exchange servers, which might have led to LockBit ransomware attacks.

In July 2022, two servers operated by a customer of the South Korean AhnLab cybersecurity firm were infected with LockBit 3.0 ransomware.

Another Zero-Day Vulnerability

As reported, the threat actors initially deployed a web shell on a compromised Exchange server and needed just 7 days to escalate privileges to Active Directory admin, stealing roughly 1.3 TB of data before encrypting systems hosted on the network.


AhnLab's forensic analysis experts claim the Exchange servers were likely hacked using an "undisclosed zero-day vulnerability," at a time when Microsoft is already working on security patches to address two actively exploited Microsoft Exchange zero-days, CVE-2022-41040 and CVE-2022-41082. AhnLab experts believe the one used to gain access to the Exchange server in July might be different, since the attack tactics differ. However, other experts are not convinced that it was a zero-day at all.

It is worth noting that the analysis is no longer accessible on the cybersecurity company's site.

Undiscovered Vulnerabilities

Whether this event was truly caused by a zero-day flaw or not, there is a security vendor that claims it knows of three other undisclosed Exchange flaws and provides "vaccines" to block exploitation attempts. Discovered by Zero Day Initiative vulnerability researcher Piotr Bazydlo and already reported to Microsoft, they are tracked as ZDI-CAN-18881, ZDI-CAN-18882, and ZDI-CAN-18932.

Microsoft has yet to disclose any information regarding these three security flaws since they were reported by Trend Micro's Zero Day Initiative, nor has a CVE ID been assigned to track them.


Author Profile

Mihaela Popa
