The email's RAR attachment contains an EXE file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Microsoft patches the latest 0-day Exchange Server vulnerabilities. They have been used by the China state-sponsored APT Hafnium for cyber espionage purposes against the US. Update the systems now!
A series of vulnerabilities in Microsoft Exchange Server is the subject of 0-day attacks. They are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. According to cybersecurity experts, the flaws stem from gaps in the handling of user requests in the OWA components, reachable on ports 80/443, which can allow an unauthenticated remote attacker to compromise the mail server. In particular, they can be chained to execute arbitrary code with elevated privileges on the targeted Exchange services. Microsoft immediately released a patch to fix the issues. Update the systems now! However, the vulnerabilities have already been exploited by the China state-sponsored APT dubbed Hafnium to attack US organizations and steal data.
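Because the weakness described above sits in the handling of requests to the OWA components on ports 80/443 by clients that have not authenticated, the IIS logs of the Exchange front end are the natural place to look for abuse while patching is under way. The helper below is an added example written for this page, not Microsoft's detection tooling or anything from the advisory: it parses IIS W3C log lines, honours the `#Fields:` directive, and flags requests that reached an `/owa/` or `/ecp/` path on port 80 or 443, returned HTTP 200, and carried no authenticated user, while excluding the anonymous GETs the logon page and its static assets legitimately produce (an edge case a naive "anonymous hit under /owa/" rule would drown in). The field order, the watched prefixes, the allow-list regex and every log line are constructed assumptions; tune them to your own server's `#Fields:` line and layout.

```python
import re
from collections import Counter

# Assumed default IIS W3C field order; overridden by a "#Fields:" line if present.
FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "cs(User-Agent)", "cs(Referer)",
          "sc-status", "sc-substatus", "sc-win32-status", "time-taken"]

# Web-facing Exchange paths to watch (OWA from the advisory, plus ECP, which
# shares the same front end) and the ports the advisory names. Assumptions.
WATCHED_PREFIXES = ("/owa/", "/ecp/")
WATCHED_PORTS = {"80", "443"}

# Anonymous GETs that are normal before login: the logon flow and static assets.
# Assumed allow-list; extend it for your deployment.
EXPECTED_ANON_GET = re.compile(r"^/(owa|ecp)/(auth/.*|.*\.(css|js|png|gif|ico|woff2?))$")


def parse_w3c(text):
    """Yield one dict per log record, mapping field names to raw values."""
    fields = FIELDS
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]  # trust the log's own column order
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed line: skip instead of mis-assigning columns
        yield dict(zip(fields, parts))


def is_suspicious(rec):
    """Anonymous request that succeeded against OWA/ECP outside the logon flow."""
    stem = rec.get("cs-uri-stem", "").lower()
    if not stem.startswith(WATCHED_PREFIXES):
        return False
    if rec.get("s-port") not in WATCHED_PORTS:
        return False
    if rec.get("cs-username", "-") != "-":
        return False  # authenticated session: out of scope for this rule
    if rec.get("sc-status") != "200":
        return False  # anonymous hits that were rejected or redirected are expected
    if rec.get("cs-method", "").upper() == "GET" and EXPECTED_ANON_GET.match(stem):
        return False  # logon page / static asset fetched before authentication
    return True


def triage(text):
    """Return (flagged_records, hits_per_client_ip) for a W3C log text."""
    flagged = [r for r in parse_w3c(text) if is_suspicious(r)]
    return flagged, Counter(r["c-ip"] for r in flagged)


# Constructed sample log (not real traffic): two normal logon-flow requests, one
# authenticated OWA session, one MAPI request, and anonymous POSTs to ECP that
# succeeded, which are the lines a defender would want to see first.
CONSTRUCTED_LOG = r"""
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2021-03-02 10:00:01 10.0.0.5 GET /owa/auth/logon.aspx url=/owa/ 443 - 203.0.113.10 Mozilla/5.0 - 200 0 0 12
2021-03-02 10:00:05 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.10 Mozilla/5.0 - 302 0 0 40
2021-03-02 10:00:09 10.0.0.5 GET /owa/ - 443 CORP\alice 203.0.113.10 Mozilla/5.0 - 200 0 0 88
2021-03-02 10:01:13 10.0.0.5 POST /ecp/somepage.aspx - 443 - 198.51.100.7 python-requests/2.25 - 200 0 0 210
2021-03-02 10:01:14 10.0.0.5 POST /ecp/y.js - 443 - 198.51.100.7 python-requests/2.25 - 200 0 0 15
2021-03-02 10:01:20 10.0.0.5 GET /owa/x.js - 80 - 198.51.100.7 python-requests/2.25 - 200 0 0 3
2021-03-02 10:02:00 10.0.0.5 GET /mapi/emsmdb/ - 443 CORP\bob 10.0.0.20 Outlook - 200 0 0 30
"""

if __name__ == "__main__":
    flagged, by_client = triage(CONSTRUCTED_LOG)
    for r in flagged:
        print(r["date"], r["time"], r["c-ip"], r["cs-method"], r["cs-uri-stem"])
    print("hits per client:", dict(by_client))
```

Run it against a real `u_ex*.log` from the front-end IIS site by passing the file's contents to `triage()`; the per-client counter gives a quick ranking of which external addresses produced the most successful anonymous requests, which is a starting point for triage, not proof of compromise, so confirm any hit against the server's patch level and the vendor's published guidance.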