Cybersecurity

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

53 sec read4 views0 listens

Summary

Chinese state-sponsored hackers have exploited a recently disclosed vulnerability in Microsoft Exchange to breach an energy sector network. The attack involved multiple stages, including the deployment of web shells and malicious DLLs, resulting in the installation of Deed RAT for lateral movement within the compromised environment.

Key Points:

Initial Exploit: Hackers used ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082) to gain initial access.
Web Shells Deployed: Web shells were dropped on the Exchange server, facilitating further exploitation.
Sideloading Techniques: Malicious DLLs were deployed using sideloading techniques mimicking legitimate software (e.g., LogMeIn Hamachi).
Persistence Mechanisms: The attackers attempted to install a kernel driver for persistence but failed. They also used registry keys and file paths to maintain access.
Command-and-Control Servers: Communication with command-and-control servers was established using domain names like virusblocker[.]it[.]com and sentinelonepro[.]com.

Indicators of Compromise (IoCs):

File Hashes: MD5 hashes for

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

The attack surface moved inside the agent. So did Arcjet.

Arcjet introduced Guards, a security tool that enforces policies within AI agents and agentic systems, addressing the limitations of traditional web application firewalls which are ineffective against internal threats. This development is crucial for...

Ali Nemati

Cybersecurity4 days ago24 sec read

New cPanel and WHM Flaws Enable Code Execution, DoS Attacks

cPanel has disclosed three critical vulnerabilities in its web hosting control panel and WP Squared platform, enabling arbitrary file reads, Perl code injection, and denial-of-service attacks. Immediate patching is essential for server administrators...

Ali Nemati

Cybersecurity6 days ago23 sec read

Blackwater Targets Minidoka Memorial Hospital in Ransomware Attack

On May 2, 2026, the ransomware group Blackwater attacked Minidoka Memorial Hospital in the USA, threatening to release sensitive data unless demands are met. This attack highlights the growing risk of ransomware targeting critical infrastructure and ...

Ali Nemati

Cybersecurity6 days ago25 sec read

New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server

ZiChatBot malware uses Zulip's REST APIs to receive commands, making it harder for security tools to detect. This threat was delivered through malicious Python packages on PyPI that masqueraded as legitimate development libraries, targeting both Wind...

Ali Nemati

Cybersecurity6 days ago47 sec read

New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft

Summary A new worm called PCPJack has emerged, targeting Docker, Kubernetes, Redis, and MongoDB environments to steal credentials. This malware leverages a variety of vulnerabilities, including those in Next.js middleware, React Server Actions, WPViv...

Ali Nemati

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

Summary

Key Points:

Indicators of Compromise (IoCs):

Related Articles

The attack surface moved inside the agent. So did Arcjet.

New cPanel and WHM Flaws Enable Code Execution, DoS Attacks

Blackwater Targets Minidoka Memorial Hospital in Ransomware Attack

New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server

New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft