Microsoft has pushed out a new update for their Microsoft Safety Scanner tool to detect web shells deployed in the recent Exchange Server attacks. Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web (OWA) servers. These vulnerabilities are being used by Chinese state-sponsored threat actors to steal mailboxes, harvest credentials, and deploy web shells to access the internal network. Microsoft has added updated signatures for Microsoft Defender to help organizations find and remove web shells used in these attacks.
Source: https://www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/