Improsec Blog New Zero-Day Exploit Targets Microsoft Exchange Servers

A new zero-day Microsoft Exchange server vulnerability was disclosed by researchers from the Vietnamese cyber security vendor GTSC. GTSC reports that a Chinese threat actor group is exploiting a Proxy-Shell-like that allows attackers to enable remote execution of commands on a compromised server. The attackers are chaining a pair of zero-days to deploy China Chopper webshell for persistence and data theft, as well as move laterally to other systems on the victim’s networks.