Bluepurple - Week ending August 22nd
Mass exploitation Sunday - it is always the weekends
Welcome to the substack from the blueteamsec subreddit.
This week, operationally, it is all about the continued carnage that is the mass Microsoft Exchange exploitation via ProxyShell. We saw similar incidents happen with Exchange earlier in the year and also with vulnerabilities in products such as Citrix, F5, Pulse VPN etc. Speculative mass compromise by state and organised crime groups is increasingly a thing, and one can’t see why the trend will stop any time soon.
140+ webshells across 1900+ unpatched boxes in 48hrs
corroborate[d] that the webshell and LockFile ransomware incidents we’re seeing within companies may be related
A more upbeat little nugget comes from Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat
Chinese culture celebrated hackers. A 2005 study by the Shanghai Academy of Social Sciences compared hackers to rock stars, finding that 2 out of 5 elementary age children adored hackers and a third wanted to grow up to …