Updates on Microsoft Exchange Server Vulnerabilities

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

• MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.
• MAR-10330097-1.v1: DearCry Ransomware identifies ransomware that has been used to exploit compromised on-premises Exchange servers. The malware encrypts files on a device and demands ransom in exchange for decryption.

CISA encourages users and administrators to review the following resources for more information:

• CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
• CISA web page Remediating Microsoft Exchange Vulnerabilities
• CISA web page Ransomware Guidance and Resources