Security News > 2022 > December > The Week in Ransomware - December 23rd 2022 - Targeting Microsoft Exchange

The Week in Ransomware - December 23rd 2022 - Targeting Microsoft Exchange
2022-12-23 20:51

Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate networks to steal data and deploy ransomware.

CrowdStrike researchers reported this week that the Play ransomware operation utilized a new Microsoft Exchange attack dubbed 'OWASSRF' that chained exploits for CVE-2022-41082 and CVE-2022-41080 to gain initial access to corporate networks.

Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution on vulnerable servers through Outlook Web Access.

The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.

The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.

Ransomware Roundup - Play Ransomware That's it for this week! Hope everyone has a nice holiday and we will return after the new year!


News URL

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-23rd-2022-targeting-microsoft-exchange/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-41080 Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
0.0
2022-10-03 CVE-2022-41082 Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400