Chinese Espionage Teams Target MS Exchange
March 24th, 2023 |
Microsoft Exchange continues to find itself in the crosshairs of another cyber attack, this time at the hands of Chinese cyber espionage threat actors.
The hackers begin by infiltrating Internet-facing Microsoft Exchange servers via a plethora of vulnerabilities that Microsoft Exchange is marred with. Once in the server, the attackers deploy “webshells” used for command execution. From there, they conduct reconnaissance, credential theft, lateral movement, and data exfiltration activities.
The threat actor is a Chinese cyber espionage group in the nexus of Gallium and APT41. APT41 is notorious for targeting telecommunication providers.
For example, through coded malware, these attackers are able to obtain information about Active Directory objects, including user information, and Remote Desktop sessions.
Microsoft Exchange continues to be a top target for threat actors and ransomware according to the cyber insurance industry. So much so that many insurers automatically deem any customer with Microsoft Exchange as high-risk.
Acreto has been the choice of many cyber insurance providers to mitigate the high risks of owning and operating Microsoft Exchange. The solution removes both the Internet and internal attack surface for Exchange servers. With Acreto, high-risk customers are deemed low-risk to become insurable, achieve the coverage limits required and benefit from the cost advantages.
Best of all, the Acreto solution is provisioned in minutes and deployed in 2-4 hours. This empowers customers with coverage deadlines to get the coverage they need.
Below is a sample of an Exchange security deployment with Acreto:
Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.