Microsoft Exchange servers hacked by new ToddyCat APT gang (Security News, June 2022)

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020.
At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.
Although not very active until February 2021, they quickly escalated their attacks after starting to scan for and target unpatched Microsoft Exchange servers across Europe and Asia with ProxyLogon exploits.
Waves of attacks against Exchange servers and desktop systems
"In any case, it's worth noting that all the targeted machines infected between December and February were Microsoft Windows Exchange servers; the attackers compromised the servers with an unknown exploit, with the rest of the attack chain the same as that used in March."
In this third wave of attacks, the APT group also expanded its focus to include desktop systems, whereas earlier it had targeted Microsoft Exchange servers exclusively.