A combination of Squirrelwaffle, ProxyLogon, and ProxyShell is being used against Microsoft Exchange Servers to conduct financial fraud through email hijacking.
On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against a set of critical vulnerabilities disclosed last year, was targeted to hijack email threads and spread malspam.
Microsoft issued emergency patches on March 2, 2021, to resolve zero-day vulnerabilities that could be exploited to hijack servers. The advanced persistent threat (APT) group Hafnium was actively exploiting the bugs at the time, and other APTs quickly followed suit.
Source: ZDNet