Web shells persist days after MOVEit mitigation

Source: news.netcraft.com

Exploiting a zero-day vulnerability in MOVEit Transfer, criminals have deployed web shells on vulnerable file transfer servers and gained access to a variety of high-profile organizations. More than a week since remediation instructions were published, Netcraft has discovered web shells still present on servers associated with energy, healthcare, and finance companies.

Web shells are control panels used by criminals to exfiltrate data from compromised servers, run exploits, and maintain remote access, often persisting long after the original vulnerability has been fixed.
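Because a patch closes the entry point but does not remove a shell that is already on disk, the practical follow-up to remediation is a hunt across the web root. The script below is an added example written for this page, not Netcraft's tooling or anything from the MOVEit vendor; it assumes you hold a known-good baseline of the application's web root (for example from a clean install) and it uses constructed sample files and illustrative content heuristics rather than any product-specific indicators.

```python
"""Hunt for web shells left behind in a web root after patching.

Added example, not Netcraft's or the vendor's code. Assumptions: a known-good
baseline of the web root exists, and server-side scripts are served from it.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# File types that execute server-side; a new or altered one is the classic
# web shell footprint. Extend for the stack you run.
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".php", ".jsp", ".jspx"}

# Content heuristics (illustrative, not a complete signature set): input
# pulled straight from the HTTP request, process creation, direct DB access.
SUSPICIOUS_PATTERNS = {
    "http-input": re.compile(rb"Request\.(Headers|Form|QueryString|Params)\[", re.I),
    "process-spawn": re.compile(rb"Process\.Start|ProcessStartInfo|Runtime\.getRuntime\(\)\.exec", re.I),
    "db-access": re.compile(rb"SqlConnection|SqlCommand", re.I),
    "php-exec-sink": re.compile(rb"\b(eval|shell_exec|passthru|system|assert)\s*\(", re.I),
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map relative path -> sha256 for every file under a known-good root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in root.rglob("*") if p.is_file()
    }


def scan_webroot(root: Path, baseline: dict) -> dict:
    """Return {relative_path: [reasons]} for files that deserve a look.

    The baseline diff is the primary signal (patching leaves a dropped shell
    in place); content heuristics add detail for script files.
    """
    findings = {}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        reasons = []
        digest = sha256_file(p)
        if rel not in baseline:
            reasons.append("not in known-good baseline")
        elif baseline[rel] != digest:
            reasons.append("content differs from baseline")
        if reasons and p.suffix.lower() in SCRIPT_EXTENSIONS:
            data = p.read_bytes()
            reasons += [f"matches {name}" for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(data)]
        if reasons:
            findings[rel] = reasons
    # A legitimate handler that vanished may have been replaced; report it too.
    for rel in baseline:
        if not (root / rel).is_file():
            findings[rel] = ["present in baseline but missing"]
    return findings


def demo() -> dict:
    """Constructed scenario: clean install, then files appear/change after an intrusion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "index.html").write_text("<html>transfer portal</html>")
        (root / "bin" / "upload.aspx").write_text("<%@ Page %> legitimate handler")
        baseline = build_baseline(root)

        # Constructed, non-functional marker file standing in for a dropped
        # shell: it carries only the indicator tokens the heuristics look for.
        (root / "dropped_placeholder.aspx").write_text(
            '<%@ Page Language="C#" %><% var h = Request.Headers["X-Placeholder"]; '
            '/* SqlConnection ... */ %>'
        )
        # Legitimate file tampered with (hash drift, no suspicious content).
        (root / "index.html").write_text("<html>transfer portal</html><!-- changed -->")
        return scan_webroot(root, baseline)


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

Run it against a real deployment by building the baseline from a clean copy of the product's web root and pointing `scan_webroot` at the live one; anything flagged "not in known-good baseline" with a script extension is the first thing to pull for review, and the hash-drift cases catch a legitimate handler that was edited in place.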

Using zero-day vulnerabilities to install web shells is not a new tactic. We previously reported on web shells installed via the Microsoft Exchange ProxyLogon and ProxyShell vulnerabilities in 2021. Two years later, Netcraft continues to detect new installations of web shells on still-vulnerable Microsoft Exchange servers.