‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware.

Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12.

Tortilla, an actor that’s been operating since July, is predominantly targeting U.S. victims. It’s also hurling a smaller number of infections that have hit machines in the Brazil, Finland, Germany, Honduras, Thailand, Ukraine and the U.K., as shown on the map below.

Read more…
Source: ThreatPost