Ask us howwe can help secure your environment with the top 10-12 security enhancements every firm should have.#ITCornerView
The attackers used CVE-2021-26857 to run code of their choice under the “system” account on a targeted Exchange server. The other two zero-day flaws — CVE-2021-26858 and CVE-2021-27065 — could allow an attacker to write a file to any part of the server.
After exploiting these vulnerabilities to gain initial access, Hafnium operators deployed web shells on the compromised server, Microsoft said. Web shells are software backdoors that allow attackers to steal data and perform additional malicious actions that lead to further compromise.