Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack


A new malware dubbed ‘ProxyShellMiner’ exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.

ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021. When chained together, the vulnerabilities allow unauthenticated, remote code execution, letting attackers take complete control of the Exchange server and pivot to other parts of the organization’s network.

Read more…
Source: Bleeping Computer