Four Zero Day vulnerabilities in Microsoft Exchange have been targeted by at least 10 advanced persistent threat (APT) hackers who have installed web shell backdoors on about 5000 servers across 115 different countries, which allow remote control of servers through web browsers. Last week, four vulnerabilities in Microsoft's exchange server became the focus of news. At that time, we heard that a hacker organization launched an attack on the e-mail servers of about 30000 U.S. government and business organizations.

ESET, a security research company, found that at least 10 apt organizations were taking advantage of these vulnerabilities to try to invade servers around the world. Winniti group, Calypso, tick and other hacker groups were found to be involved in the incident.

Webshell prevalence by country (2021-02-28 to 2021-03-09)

How to deal with it?

Enterprises and organizations should urgently use Microsoft's updates to patch their servers, and then carefully check the logs to see if the web shell has been installed.

In order to further protect the server, it is recommended to use the organization of exchange mail system to restrict users' network access (for example, through virtual private network or setting firewall rules). This can protect the server from current vulnerabilities, as well as any vulnerabilities that are inevitable in the next few years.