SUMMARY
Attacks were launched against building automation systems in several Asian organizations to gain access to more secure areas of their networks. They used Microsoft Exchange vulnerabilities known as ProxyLogon. The ProxyLogon attack can be used against unpatched mail servers running Microsoft Exchange Server 2013, 2016, or 2019 that are set up to receive untrusted connections from the outside world. This enables threat actors to execute commands on unpatched, on-premises Exchange Servers. The threat actors used this to access even more secure areas of the network, allowing them to collect previously protected data and information that is likely damaging to the company.