Don't sleep on the new proxyshell miner campaign

ProxyShellMiner is being distributed to Windows endpoints through a very elusive malware operation, according to Morphisec.

As the name implies, ProxyShellMiner compromises an organisation by using the ProxyShell vulnerabilities CVE-2021-34473 and CVE-2021-34523 in Windows Exchange servers to get initial access and distribute crypto miners. The attackers use the domain controller’s NETLOGON folder to make sure the miner runs throughout the domain after successfully penetrating an Exchange server and taking control, much as how software is distributed through GPO. We discovered that the attackers were utilising four C2 servers. The legitimate, infected mail servers are all where the malware-dependent files are kept.

Don't sleep on the new proxyshell miner campaign

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Don't sleep on the new proxyshell miner campaign

15-Feb-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address