bad actors targeted exchange- /owa/auth/x.js

%3CLINGO-SUB%20id%3D%22lingo-sub-2794975%22%20slang%3D%22en-US%22%3Ebad%20actors%20targeted%20exchange-%20%2Fowa%2Fauth%2Fx.js%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2794975%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMost%20of%20the%20attacks%20were%20reconnaissance%20attempts.%20A%20significant%20number%20of%20these%20were%20against%20systems%20that%20did%20not%20run%20Exchange%20in%20the%20backend%3A%3C%2FP%3E%3CP%3E%E2%80%A2%20%2Fowa%2Fauth%2Fx.js%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20we%20find%20it%20from%20the%20bad%20actors%20targeted%20exchange%20and%20successfully%20got%20the%20below%20output%3A%20%E2%80%A2%20HTTP%20200%3A%20Success%20Reply%20-%20OK%20%E2%80%A2%20%2Fowa%2Fauth%2Fx.js%20%E2%80%A2%20Response%20Code%20302%20(HTTP%20response%20status%20code%20302%20Found%20is%20a%20common%20way%20of%20performing%20URL%20redirection)%20%E2%80%A2%20Access%20Success(object%20download%20)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20I%20can%20solve%20this%20issue%20on%20Exchange%20and%20what%20is%20this%20related%20to%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2794975%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hi,

 

Most of the attacks were reconnaissance attempts. A significant number of these were against systems that did not run Exchange in the backend:

• /owa/auth/x.js

 

Also, we find it from the bad actors targeted exchange and successfully got the below output: • HTTP 200: Success Reply - OK • /owa/auth/x.js • Response Code 302 (HTTP response status code 302 Found is a common way of performing URL redirection) • Access Success(object download )

 

How I can solve this issue on Exchange and what is this related to? 

0 Replies