{"id":5839,"date":"2021-11-12T16:35:26","date_gmt":"2021-11-12T14:35:26","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/fr\/failles-de-securite-microsoft-exchange-nouvelle-vague-dattaques"},"modified":"2024-05-07T19:41:11","modified_gmt":"2024-05-07T17:41:11","slug":"new-wave-of-sneaky-attacks-on-hijacked-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/fr\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","title":{"rendered":"Microsoft Exchange security flaws: new wave of attacks"},"content":{"rendered":"

Cybercriminals strike by any means available and seem to know no limits. As proof, compromised Exchange servers are currently being used in a particularly insidious wave of email attacks. Following the model of Emotet, considered one of the most dangerous pieces of malware in the world, recipients receive supposed replies to real email conversations in which they actually took part. In reality, these replies conceal links to malware. The twist: the emails are sent from the sender's legitimate mail servers.<\/p>

This makes these messages extremely difficult to filter by technical means and to recognize when reading them. According to warnings from the German Federal Office for Information Security (Bundesamt f\u00fcr Sicherheit in der Informationstechnik, BSI), the links lead to various malware, including the notorious Quakbot, which is particularly dangerous, as well as DanaBot and SquirrelWaffle.<\/p>

A major problem: cyber-risk specialists do not know how the attackers gain access to the mail flows, nor which specific Microsoft Exchange vulnerabilities are being exploited for this new wave of attacks. According to the BSI, the affected servers may have been under the control of hackers for some time without being detected. The corresponding access credentials are reportedly being traded at present on specialized online marketplaces. Thanks to their advanced techniques for simulating authentic messages, these new attacks could well prove even more \u201ceffective\u201d than the Emotet Trojan<\/a>. Quite a challenge! A small \u201cconsolation\u201d: the number of messages sent is said to remain far lower... for now.<\/p>

If you suspect that your Exchange servers have been compromised, experts recommend that companies and organizations reinstall their Exchange servers and then restore the data. For this and other scenarios, Retarus offers the Email Continuity<\/a> service, which is deliberately not based on Microsoft products. It provides pre-provisioned, ready-to-use webmail mailboxes. Routing can be redirected to this \u201cactive\u201d backup at very short notice.<\/p>

Email Continuity is tightly integrated with the Retarus Email Security<\/a> solution, which of course also ensures full protection of the external mailboxes. If needed, other services of the Retarus Secure Email Platform<\/a> remain available, such as email archiving or encryption, integrated into our failover solution.<\/p> ","protected":false},"excerpt":{"rendered":"

Compromised Exchange servers are currently being used in a particularly insidious wave of email attacks. Recipients receive supposed replies to real email conversations, which conceal links to malware \u2013 sent from the sender's legitimate mail servers.<\/p>\n","protected":false},"author":14,"featured_media":8094,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[8,15],"tags":[2927,3652],"dipi_cpt_category":[],"class_list":["post-5839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-email-continuity","tag-exchange"],"acf":[],"yoast_head_json":{"title":"Microsoft Exchange security flaws: new wave of attacks - Retarus Corporate Blog - FR","description":"Compromised Exchange servers are currently being abused for a particularly insidious wave of email attacks. Recipients receive purported replies to real email conversations that contain links to malware \u2013 sent via the senders' legitimate mail servers.","canonical":"https:\/\/www.retarus.com\/blog\/fr\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","og_site_name":"Retarus Corporate Blog - FR","article_published_time":"2021-11-12T14:35:26+00:00","article_modified_time":"2024-05-07T17:41:11+00:00","author":"Thomas Cloer"}}