The Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) has provided ongoing updates to its Mitigate Microsoft Exchange Server Vulnerabilities webpage since Microsoft released out-of-band security updates for four Exchange Server flaws on March 2. In the following weeks, attackers have begun to scan for and exploit the bugs in target organizations around the world. On March 13, CISA updated its guidance to provide seven Malware Analysis Reports (MARs), each of which identifies a China Chopper Web shell associated with vulnerability exploitation in Microsoft Exchange Servers. After an attacker successfully exploits a target server to gain initial access in these intrusions, they typically upload a Web shell to enable remote administration.