Chinese APT actors are at it again! This time targeting your on-premise Microsoft Exchange Servers to access email, installing malicious software and establishing persistent access inside your network. Like the SolarWinds Breach, CISA has issued an emergency directive to "immediately patch and triage systems for signs of compromise".
Our Incident Responders have been busy investigating multiple instances of exploitation, and we want to give share the information as soon as possible. ProCircular’s Lead Incident Responder, Aaron Heikkila, as he presents on what we've seen in the wild, steps to mitigate risk, and how to respond if you've been targeted.