‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found.

Researchers from Cybereason have been tracking multiple cyberespionage campaigns – collectively dubbed “DeadRinger” – since 2017, reporting initially on findings that a Chinese threat group dubbed SoftCell was targeting billing servers to steal call records from telecoms in Africa, the Middle East, Europe and Asia in 2019.

Read more…
Source: ThreatPost