According to several resources an APAC based threat actor group, managed to hack into the building automation systems of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.
The attackers focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon.
Check Point IPS obtain protection for this vulnerability since Mar-2021. We highly recommend all our customers, especially the ones which protect building automation systems to activate the protection, preventing any attempt to exploit the vulnerability.
