Security News > 2021 > March > Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities
In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators.
A total of four critical zero-day vulnerabilities that are collectively referred to as ProxyLogon were patched in Exchange Server at the beginning of this month, and activity surrounding the bugs has only intensified since.
Some of these threat actors had been targeting the vulnerabilities before Microsoft released patches for them, while others have been picking up exploits for them after that.
Now, security researchers say that ransomware operators too are starting to target these vulnerabilities in their attacks.
"Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.A. Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers," Misner said on Twitter.
Thousands of Exchange servers are believed to be vulnerable to attacks, and at least hundreds of them have already been compromised since the attacks started.
News URL
Related news
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)