Unpatched Exchange Servers Remain Vulnerable to Chinese Hackers

  • 📰 TheRegister

Nearly all public-facing Microsoft Exchange Server instances with a critical vulnerability exploited by China's Salt Typhoon remain unpatched despite a patch being available for nearly four years. This vulnerability allows Chinese government hackers to gain remote code execution on targeted servers. The attackers utilize custom malware like GhostSpider, SnappyBee, and the Masol remote access trojan to maintain persistence on compromised networks.

One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years. Despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.

According to cyber-risk management firm Tenable, 91 percent of the nearly 30,000 openly reachable instances of Exchange vulnerable to CVE-2021-26855, aka ProxyLogon, have not been updated to close the hole. This vulnerability was disclosed in March 2021, and researchers warned it was being exploited with a chain of other bugs by Chinese government snoops to achieve remote code execution on targets' Exchange Servers. Later that year, Microsoft released a patch for the vulnerability.

Salt Typhoon is known for maintaining a stealthy presence on victim networks and remaining undetected for a significant time period. Scott Caveza, Tenable staff research engineer, said, 'The snoops maintain persistence via custom malware including GhostSpider, SnappyBee, and the Masol remote access trojan.' In Salt Typhoon campaigns, the malware used includes SnappyBee, which is a modular backdoor shared among Chinese-government-linked groups, plus the Demodex rootkit to remain hidden, as well as GhostSpider, a new backdoor that can load different modules based on the attackers' specific purposes.

All three of these nation-state crews were topics of discussion during yesterday's US House of Representatives' Committee on Homeland Security hearing. During the committee meeting, expert witnesses including former government and military cybersecurity leaders told lawmakers that China is 'America's most capable, and opportunistic cyber adversary' and that 'Trump waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards has targeted US critical infrastructure with the goal of maintaining persistence and preparing for destructive actions. This is the crew that keeps national security officials and threat intel analysts awake at night.

'As a military planner, I used to call this operational preparation of the battlefield,' retired US Navy Rear Admiral Mark Montgomery told Congress on Wednesday. 'China's overarching goal in executing an operation like Volt Typhoon is to disrupt or degrade America's rail, port, and aviation systems, so the US cannot rapidly mobilize military forces and get military equipment, personnel, and supplies to the battlefield.'

Volt Typhoon's focus has been on compromising IoT devices to build a botnet that can be used to launch future attacks.

'While each group's targets and activities are unique, the "eye" of each of these typhoons is they target unpatched and often well-known vulnerabilities for initial access, targeting public-facing servers,' Caveza wrote. 'Despite the persistence of these threat actors, it's vital that organizations routinely patch public-facing devices and quickly mitigate known and exploited vulnerabilities.'
