CISA Adds Two Web Shells to Exchange Server Guidance
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) updated its guidance for ongoing Microsoft Exchange Server security issues. The guidance includes two new Malware Analysis Reports (MARs). Both reports are included in the “Mitigate Microsoft Exchange Server Vulnerabilities” guidance, and each identifies a Web shell found on compromised Exchange servers. CISA has also updated seven existing MARs to help organizations identify the malware seen so far.
The MARs so far focus on China Chopper, a Web shell seen commonly throughout the attacks. China Chopper can be used after the hacker exploits the Exchange vulnerability and gains access to a system. It can be used to remotely execute operating system commands and to upload and execute tools. With today’s brief, nine China Chopper Web shells are detailed in the list of Web shells the attackers are using.