The Lemon Duck cryptocurrency mining botnet is being used to target unpatched Microsoft Exchange servers.
Lemon Duck steals computer resources to mine for the Monero cryptocurrency.
92% of worldwide Exchange IPs were patched or mitigated as of March 25, according to Microsoft.
Unpatched Microsoft Exchange servers continue to be targeted by malicious groups. A post by Cisco Talos explains that a cryptocurrency botnet called Lemon Duck is being used by operators to target vulnerable Microsoft Exchange servers (via ZDNet). The botnet s goal is to install a payload onto devices that can then be used to steal computer processing power to mine the Monero cryptocurrency.
As part of the operation, which authorized the activity for email servers in the United States, the FBI copied and removed one early hacking group s remaining web shells from affected targets. The Web shells could have been used to maintain and increase unauthorized access to networks if left on the compromised machine, say officials, who call the operation successful.
News of the operation arrives roughly six weeks after Microsoft disclosed critical Exchange Server flaws that have since been used to target thousands of networks around the world. An attacker could leverage the vulnerabilities to break into an unpatched server and steal its data.
What you need to know
U.S. government agencies have suffered from vulnerabilities in Microsoft Exchange Server.
The attackers appear to be state-sponsored Chinese hackers.
CISA is instructing the use of Microsoft tools to secure infrastructure.
U.S. government agencies with on-site variants of Microsoft Exchange Server have been instructed by the Cybersecurity and Infrastructure Security Agency (CISA) to use Microsoft patches and anti-malware tools to suss out any threats. All affected agencies are instructed to implement security hardening changes by June 28, 2021. The specific changes CISA is demanding can be read here.
This need for heightened security comes as a result of state-sponsored Chinese hackers taking advantage of security flaws to steal Exchange Server data. Microsoft has a blog post detailing some specifics of the hacker organization, which has been dubbed Hafnium. According to the post, though Hafnium is based in China, the group s members lease and use virtual p
Black Kingdom Ransomware Hits Unpatched Exchange Servers govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.