This vulnerability was designed to allow an Iranian threat actor to remotely compromise a victim’s Exchange Server with a backdoor called PowerExchange.
CVE-2018-0122 describes the capabilities of this so-called simple yet effective backdoor.
PowerExchange, written in PowerShell, employs text files attached to emails for command-and-control (C2) communication and allows the attacker to run arbitrary payloads and download files from and to the system.
It is not known how the threat actor managed to obtain domain credentials to connect to the target Exchange Server.
Similarly, communication via internet-facing Exchange servers is a common tactic for Oil Rig actors as seen in the cases of Karkoff and Mr.PerfectionManager.
This vulnerability was addressed by a likely Iranian Threat Actor who wishes to breach the victim’s Microsoft Exchange Server using this backdoor.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply