Chile's Comisión para el Mercado Financiero (CMF), a financial market commission which regulates and oversees the entities and activities which take part in the securities and insurance markets in Chile, said it has suffered a security incident after hackers exploited the ProxyLogon vulnerabilities in the organization’s Microsoft Exchange servers.
On March 2, Microsoft released emergency updates to address a number of Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) collectively dubbed ProxyLogon that were exploited in real-world attacks. The company attributed the attacks to the China-linked hacker group Hafnium, however, not long after the disclosure the cybersecurity firm ESET said that at least ten state-sponsored threat groups are exploiting these flaws in their campaigns.
The attack took place on March 12 and was detected and contained at an early stage, according to CMF.
“The Commission for the Financial Market (CMF) updates information on the operational incident reported yesterday, caused by vulnerabilities in the Microsoft Exchange email platform," CMF said. "The analyzes carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of a ransomware and indicate that the incident would be limited to the Microsoft Exchange platform.”
CMF also shared Indicators of Compromise (IoCs) related to the intrusion, such as web shells and a batch file found on its compromised server to help the security professionals and Microsoft Exchange administrators.