Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities (Security News, March 2021)

In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators.
A total of four critical zero-day vulnerabilities that are collectively referred to as ProxyLogon were patched in Exchange Server at the beginning of this month, and activity surrounding the bugs has only intensified since.
Some of these threat actors had been targeting the vulnerabilities before Microsoft released patches for them, while others picked up exploits only after the patches were out.
Now, security researchers say that ransomware operators too are starting to target these vulnerabilities in their attacks.
"Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.A. Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers," Misner said on Twitter.
Thousands of Exchange servers are believed to be vulnerable to attacks, and at least hundreds of them have already been compromised since the attacks started.