Security News > 2021 > March > Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities
In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators.
A total of four critical zero-day vulnerabilities that are collectively referred to as ProxyLogon were patched in Exchange Server at the beginning of this month, and activity surrounding the bugs has only intensified since.
Some of these threat actors had been targeting the vulnerabilities before Microsoft released patches for them, while others have been picking up exploits for them after that.
Now, security researchers say that ransomware operators too are starting to target these vulnerabilities in their attacks.
"Microsoft observed a new family of human operated ransomware attack customers - detected as Ransom:Win32/DoejoCrypt.A. Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers," Misner said on Twitter.
Thousands of Exchange servers are believed to be vulnerable to attacks, and at least hundreds of them have already been compromised since the attacks started.
News URL
Related news
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)