ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America
Released on 2024-07-05 at 03:03:38 PM
This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sensitive communications, targeting specific offices in Afghanistan, Laos, Georgia, and Argentina. The findings underscore the persistent threat posed by unpatched vulnerabilities and the adaptability of malicious actors in achieving their objectives.