Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains by malspamming replies to ongoing email threads, researchers say.
What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader that showed up in September, or whether SquirrelWaffle is just one piece of malware among several that the campaigns are dropping.
Cisco Talos researchers first got wind of the SquirrelWaffle malspam campaigns beginning in mid-September, when they saw boobytrapped Microsoft Office documents delivering Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world.
Source: ThreatPost