Home » Technology » Microsoft » Microsoft Exchange Server Gets New Wave Of Attacks

Microsoft Exchange Server Gets New Wave Of Attacks

Microsoft Exchange

As was the case a few weeks ago, a new wave of attacks on Microsoft Exchange has now become known. Cybercriminals use a known security hole that has already been patched by Microsoft – but that doesn’t make the attacks any less dangerous.

Because it has been shown once again that even if important security updates are available, these are not always used. As the Bleeping Computer now reports, a new wave of attacks is based on precisely such a case. A new threat actor hacked Microsoft Exchange servers and infiltrated corporate networks via the known ProxyShell vulnerability. A blackmail Trojan called Babuk is then used there and systems are encrypted.

ProxyShell attacks

The ProxyShell attacks on vulnerable Microsoft Exchange servers began a few months ago, and LockFile and Conti were among the first ransomware groups to exploit them.

According to a report by researchers at Cisco Talos, a Babuk ransomware offshoot called “Tortilla” has been active since October. The name Tortilla is based on executable files called Tortilla.exe that smuggle malicious code into foreign systems. It is currently the case that security researchers have primarily noticed attacks in the USA, but there have also been some infections with the malicious code in Germany and other European countries.

Attacks on Windows

The attacks begin with the Exchange vulnerability and then continue with various other manipulation attempts. Cisco Talos has published an extensive blog post explaining the attacks. Babuk is ransomware that can be compiled for various hardware and software platforms. That makes them doubly dangerous for companies because if the Exchange gap has not been closed, the hackers can also attack other systems in the company network.

In the attack campaign that has now been uncovered, however, Cisco primarily found evidence of actors who specifically targeted Windows.