Publication Date – March 18, 2021
A vulnerability in Microsoft Exchange servers allows attackers to implant web shells on victims’ servers. The existence of a web shell indicates that the vulnerability has been exploited.
Backdoor/Exchange.ProxyLogon refers to several types of web shells placed on Microsoft Exchange servers using the ProxyLogon vulnerability [CVE-2021-26855]. After being implanted in the Exchange server, the web shells can then be used to escalate and maintain persistent access to the server and exfiltrate information.