Security News > 2023 > January > Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery vulnerability also exploited in Play ransomware attacks.
Cloud computing provider Rackspace recently confirmed that Play ransomware used a zero-day exploit dubbed OWASSRF targeting this bug to compromise unpatched Microsoft Exchange servers on its network after bypassing ProxyNotShell URL rewrite mitigations.
Redmond says that this SSRF vulnerability has also been exploited since at least November 17th by another threat group it tracks as DEV-0671 to hack Exchange servers and deploy Cuba ransomware payloads.
While Microsoft released security updates to address this SSRF Exchange vulnerability on November 8th and has provided some of its customers with info that ransomware gangs are using the flaw, the advisory is yet to be updated to warn that it's being exploited in the wild.
In both advisories, the FBI strongly urged reporting Cuba ransomware attacks to local FBI field offices and asked victims to share related information with their local FBI Cyber Squad to help identify the ransomware gang's members and the cybercriminals they're working with.
While not as prolific as Cuba ransomware and although first spotted a lot more recently, in June 2022, Play ransomware has been quite active and has already hit dozens of victims worldwide, including Rackspace, the German H-Hotels hotel chain, the Belgian city of Antwerp, and Argentina's Judiciary of Córdoba.