Hive Ransomware Affiliate Attacking Microsoft Exchange Servers vulnerable to ProxyShell Flaw

Cybersecurity experts at the security firm Varonis have recently discovered a Hive ransomware affiliate that has been deploying a variety of backdoors, including the Cobalt Strike beacon, to compromise Microsoft Exchange servers that are vulnerable to the ProxyShell flaws. By deploying these backdoors, the threat actors perform the following tasks and activities:

- Network reconnaissance
- Steal admin account credentials
- Exfiltrate valuable data
- Deploy the file-encrypting payload

The experts at Varonis identified this flaw while investigating an attack on one of its users.

Read full article on GBHackers

 

