{"id":6256,"date":"2021-11-12T16:35:26","date_gmt":"2021-11-12T14:35:26","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/es\/nueva-oleada-de-ataques-maliciosos-a-la-vulnerabilidad-de-exchange"},"modified":"2024-05-07T19:56:33","modified_gmt":"2024-05-07T17:56:33","slug":"new-wave-of-sneaky-attacks-on-hijacked-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","title":{"rendered":"New wave of malicious attacks on the Exchange vulnerability"},"content":{"rendered":"

Hijacked Exchange servers are currently being used to carry out a wave of highly dangerous attacks via email. Recipients receive fake replies to genuine email conversations that contain links to malware, similar to Emotet. However, these emails are sent through the senders' own legitimate mail servers.<\/p>

This makes it extremely difficult to filter the messages by technical means or for the reader to identify them. According to the German Federal Office for Information Security (BSI), the links lead to various types of malware, such as the particularly harmful Quakbot as well as DanaBot and SquirrelWaffle.<\/p>

So far, it is not known how the attackers gain access to the mail traffic or exactly which Microsoft Exchange vulnerability they are using to carry out this new wave of attacks. The BSI suspects that the affected servers had already been hijacked earlier without the attack being detected. The necessary access credentials are currently being traded on various underground marketplaces on the internet. With an improved impersonation technique, these new fraudulent emails could be more \u201csuccessful\u201d than Emotet (although the number of messages sent is still much lower for the time being).<\/p>

If an attack on an Exchange server is suspected, the BSI recommends that companies and organizations reset their Exchange server and restore the necessary data. For these and other cases, Retarus offers the Email Continuity service, which is intentionally based on Microsoft products. The service provides pre-provisioned, ready-to-use webmail mailboxes. Routing can be diverted to this \u201cactive\u201d backup in the blink of an eye.<\/p>

Email Continuity is closely linked to Retarus Email Security, which naturally also fully protects the temporary \u201cemergency\u201d mailboxes. If required, other standard services of the Retarus Secure Email Platform, such as email archiving or encryption, are also available on demand for failover cases.<\/p> ","protected":false},"excerpt":{"rendered":"

Hijacked Exchange servers are currently being used to carry out a wave of highly dangerous attacks via email. Recipients receive fake replies to genuine email conversations that contain links to malware, sent through the senders' own legitimate mail servers.<\/p>\n","protected":false},"author":14,"featured_media":8165,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[8,15],"tags":[2927,3669],"dipi_cpt_category":[],"class_list":["post-6256","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-email-continuity","tag-exchange"],"acf":[],"yoast_head":"\nNueva oleada de ataques maliciosos a la vulnerabilidad de Exchange - Retarus Corporate Blog - ES<\/title>\n<meta name=\"description\" content=\"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange\" \/>\n<meta property=\"og:description\" content=\"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - ES\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-12T14:35:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T17:56:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta 
name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\",\"name\":\"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange - Retarus Corporate Blog - ES\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg\",\"datePublished\":\"2021-11-12T14:35:26+00:00\",\"dateModified\":\"2024-05-07T17:56:33+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/es\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/es\/\",\"name\":\"Retarus Corporate Blog - ES\",\"description\":\"Siempre al 
d\u00eda\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/es\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/es\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/es\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange - Retarus Corporate Blog - ES","description":"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","og_locale":"es_ES","og_type":"article","og_title":"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange","og_description":"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.","og_url":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","og_site_name":"Retarus Corporate Blog - ES","article_published_time":"2021-11-12T14:35:26+00:00","article_modified_time":"2024-05-07T17:56:33+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Thomas Cloer","Tiempo de lectura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","url":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","name":"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange - Retarus Corporate Blog - ES","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg","datePublished":"2021-11-12T14:35:26+00:00","dateModified":"2024-05-07T17:56:33+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/es\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/es\/wp-content\/uploads\/sites\/26\/2024\/05\/shutterstock_1378498490.jpg","width":1920,"height":1080,"caption":"Malware"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/es\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/es\/"},{"@type":"ListItem","position":2,"name":"Nueva oleada de ataques maliciosos a la vulnerabilidad de Exchange"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/es\/#website","url":"https:\/\/www.retarus.com\/blog\/es\/","name":"Retarus Corporate Blog - ES","description":"Siempre al d\u00eda","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/es\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/es\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas 
Cloer","url":"https:\/\/www.retarus.com\/blog\/es\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/posts\/6256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/comments?post=6256"}],"version-history":[{"count":7,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/posts\/6256\/revisions"}],"predecessor-version":[{"id":9181,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/posts\/6256\/revisions\/9181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/media\/8165"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/media?parent=6256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/categories?post=6256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/tags?post=6256"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/es\/wp-json\/wp\/v2\/dipi_cpt_category?post=6256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}