Compromised Exchange Servers Were Used to Host Payloads to Hack Other Exchange Servers



While many threat actors attempted to take advantage of the recent ProxyLogon Exchange vulnerabilities to deploy ransomware, some went in another direction. A Sophos report released Tuesday details an attack where the actors downloaded a cryptominer from other compromised Exchange servers. PowerShell was used to download files with a .zip extension from the “/owa/auth” directory. […]
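A defender-side check for the pattern described above, as an added example that is not from Sophos or the original article: it scans IIS W3C logs on an Exchange server for requests to .zip files under /owa/auth/. The log lines, addresses and file names are constructed, and the function name is hypothetical.

```python
"""Flag requests for .zip files under /owa/auth/ in IIS W3C logs (added example)."""

# Constructed sample log: documentation-range addresses, made-up file names.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-04-10 03:12:44 192.0.2.10 GET /owa/auth/logon.aspx - 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200
2021-04-10 03:14:02 192.0.2.10 GET /owa/auth/sample.zip - 443 - 203.0.113.9 Mozilla/5.0+(Windows+NT;+en-US)+WindowsPowerShell/5.1 200
2021-04-10 03:15:10 192.0.2.10 GET /OWA/Auth/other.ZIP - 443 - 203.0.113.20 - 404
2021-04-10 03:16:00 192.0.2.10 GET /downloads/tools.zip - 443 - 198.51.100.8 curl/7.68.0 200
"""


def find_owa_auth_zip_hits(log_text):
    """Return one dict per request whose path is a .zip under /owa/auth/."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # IIS can re-emit this directive mid-file; always use the latest one.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        if not (stem.startswith("/owa/auth/") and stem.endswith(".zip")):
            continue
        agent = row.get("cs(User-Agent)", "-")
        hits.append({
            "time": f'{row.get("date", "")} {row.get("time", "")}'.strip(),
            "client": row.get("c-ip", "-"),
            "path": row["cs-uri-stem"],
            # Assumption: a 200 means the file existed and was served.
            "served": row.get("sc-status") == "200",
            # Extra signal only: a download can send no User-Agent at all.
            "powershell_ua": "powershell" in agent.lower(),
        })
    return hits


if __name__ == "__main__":
    for hit in find_owa_auth_zip_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set is worth following up with a file listing of the server's own OWA auth directory, since it suggests that server is the one hosting the file.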
