Symantec cybersecurity experts: The malware deployment is preceded by reconnaissance using the AdFind tool. The victims are large organizations.
The US CISA: Protect against active exploitation of ProxyShell vulnerabilities! Malicious cyber actors are actively exploiting the vulnerabilities CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207
Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. This has been reported by the US Cybersecurity and Infrastructure Security Agency (CISA). An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021, which remediates all three ProxyShell vulnerabilities, to protect against these attacks.