Chile's bank regulator shares IOCs after Microsoft Exchange hack


Chile's Comisión para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.


The CMF operates under the Ministry of Finance and is the regulator and inspector for banks and financial institutions in Chile.


This week, CMF disclosed that they suffered a cyberattack after threat actors exploited the recently disclosed ProxyLogon vulnerabilities in their Microsoft Exchange servers to install web shells and attempt to steal credentials.


"The Commission for the Financial Market (CMF) updates information on the operational incident reported yesterday, caused by vulnerabilities in the Microsoft Exchange email platform."


"The analyses carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of a ransomware and indicate that the incident would be limited to the Microsoft Exchange platform," disclosed the Comisión para el Mercado Financiero.


CMF further states that they are investigating the breach and have been in contact with the Computer Security Incident Response Team (CSIRT) of the Ministry of Finance.


CMF shares IOCs of their attack


To aid security professionals and other Microsoft Exchange administrators, the CMF has released IOCs of web shells and a batch file found on their compromised server.


0b15c14d0f7c3986744e83c208429a78769587b5: error_page.aspx (China Chopper web shell)
bcb42014b8dd9d9068f23c573887bf1d5c2fc00e: supp0rt.aspx (China Chopper web shell)
0aa3cda37ab80bbe30fa73a803c984b334d73894: test.bat (batch file to dump lsass.exe)
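
One way to sweep a server's web directories, or a triage copy of them, for the three IOCs above. This is an added example, not code from the CMF or the article. The function names are hypothetical, and the file-name fallback match is an assumption added here for files whose hash does not match.

```python
import hashlib
import os

# SHA-1 values and file names as published by the CMF (from the article above).
CMF_IOCS = {
    "0b15c14d0f7c3986744e83c208429a78769587b5": "error_page.aspx",
    "bcb42014b8dd9d9068f23c573887bf1d5c2fc00e": "supp0rt.aspx",
    "0aa3cda37ab80bbe30fa73a803c984b334d73894": "test.bat",
}


def sha1_of(path, chunk_size=1 << 20):
    """Stream the file so large dumps or logs do not exhaust memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, iocs=CMF_IOCS):
    """Walk `root` and return (path, reason, sha1) for every file matching an IOC.

    reason is "hash" for an exact SHA-1 match, or "name" when only the file
    name matches (compared case-insensitively, as Windows file systems do).
    Unreadable files are reported with reason "unreadable" instead of skipped.
    """
    known_hashes = {h.lower() for h in iocs}
    known_names = {n.lower() for n in iocs.values()}
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                file_hash = sha1_of(path)
            except OSError:
                findings.append((path, "unreadable", None))
                continue
            if file_hash in known_hashes:
                findings.append((path, "hash", file_hash))
            elif name.lower() in known_names:
                findings.append((path, "name", file_hash))
    return findings


if __name__ == "__main__":
    import sys
    for path, reason, file_hash in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:10} {file_hash or '-':40} {path}")
```

A "name" hit is a lead to review by hand, not proof of compromise; a "hash" hit is an exact match to a published sample.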

While indicators of compromise (IOC) will have different file hashes for each vi ..
