Compromised Microsoft Exchange Server Used to Host Cryptominer

  /     /     /  
Publicated : 23/11/2024   Category : security


Compromised Microsoft Exchange Server Used to Host Cryptominer


Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server.



Researchers at Sophos report an unknown attacker is attempting to use a compromised Microsoft Exchange Server to deliver a malicious Monero cryptominer onto other vulnerable Microsoft Exchange Servers. Monero is an anonymous form of cryptocurrency that is favored by attackers over the more popular Bitcoin.
The attack uses the ProxyLogon exploit. Because the cryptominer is hosted on a compromised Exchange Server, it may be easier for the attacker to deliver the payload to other vulnerable targets as firewalls are less likely block traffic between Exchange Servers.
The SophosLabs team has been examining telemetry in the weeks following Microsofts news about the serious Exchange Server vulnerability and came across the attack targeting a customers Exchange Server.
The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised servers Outlook Web Access logon path (/owa/auth), Sophos says in a release on the details of the exploit.
A breakdown of how the attack works can be found 
here
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Compromised Microsoft Exchange Server Used to Host Cryptominer