Tenable Report: 'ProxyLogon Vulnerability Still Exposes 91% of Affected Exchange Servers to Attacks'
Despite being disclosed in March 2021, the ProxyLogon vulnerability remains unpatched in 91% of Exchange Servers. The flaw continues to be exploited by China-linked hacking group Salt Typhoon in cyber-espionage campaigns.
ProxyLogon Vulnerability Remains Open for Exploitation
A critical security flaw, ProxyLogon (CVE-2021-26855), which was initially disclosed by Microsoft in March 2021, continues to put numerous systems at risk. Despite nearly four years passing, 91% of Exchange Server systems with this vulnerability remain unpatched, according to a report by cybersecurity risk management firm Tenable. The flaw is actively being exploited by the China-backed cyber-espionage group Salt Typhoon, among others, to conduct attacks on U.S. telecommunications and government networks.
Salt Typhoon's Espionage Tactics
Scott Caveza, a research engineer at Tenable, noted that Salt Typhoon uses specialized malware to remain undetected within victim networks for extended periods. Malware families such as GhostSpider, SnappyBee, and Masol are the primary tools this group uses for espionage operations. These persistent attackers exploit remote code execution flaws to infiltrate and control targeted systems.
In addition to Salt Typhoon, other Chinese government-backed groups such as Volt Typhoon and Flax Typhoon have been using similar tactics while targeting different sectors. Volt Typhoon, for example, focuses on U.S. critical infrastructure with an eye on disabling key systems during potential conflicts. Meanwhile, Flax Typhoon targets IoT devices to build botnets for future cyber-attacks.
Congress Focuses on China's Cyber Threats
In a recent session of the U.S. House of Representatives Homeland Security Committee, China’s growing cyber threats were highlighted as one of the primary topics. Experts emphasized that China poses the most "capable and opportunistic" cyber threat to the U.S.
Former U.S. Navy Rear Admiral Mark Montgomery explained that Volt Typhoon’s operations are designed to disrupt the speed and efficiency of military operations by targeting logistics networks. He described these actions as "preparing the battlefield" in the context of potential warfare.
Urgent Action Needed
Caveza stressed the importance of organizations regularly patching their publicly accessible devices and swiftly addressing known vulnerabilities despite persistent attacks from these threat groups. "It’s vital for organizations to close these security gaps quickly to protect against further exploitation," he said.