On March 1, 2021, one of our security partners observed China Chopper web shell alerts triggered from multiple customer environments. Analysis revealed that the activity exploited Microsoft Exchange Server vulnerabilities. On March 2, Microsoft confirmed that Exchange vulnerabilities had been exploited in limited and targeted attacks and released out-of-band security updates.
Recommended actions
Customers are advised to review and apply the security updates as appropriate in their environments as soon as possible.
Questions
If you have any questions or concerns about this advisory, please contact us via support@empsn.org.uk
References
https://portal.secureworks.com/portal/intel/tip/8955
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/