Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday. At least four groups are using “at least”” the CVE-2021-26855 vulnerability as part of ongoing attacks to achieve remote code execution without authentication on unpatched on-premises Exchange servers. Microsoft urges administrators to “”install these updates immediately”” to protect vulnerable Exchange servers from these ongoing attacks. One of the web shells dropped during these attacks is China Chopper (a sample is available here).”
Source: https://www.bleepingcomputer.com/news/security/state-hackers-rush-to-exploit-unpatched-microsoft-exchange-servers/