ProxyShell Exchange Exploitation Now Leads To An Increasing Amount Of Cobaltstrike Backdoors

On approximately August 21, 2021, security researchers, cybersecurity leaders, and eventually the CISA, began voicing concerns about the inevitable threat of LockFile ransomware attacks on a wide variety of ill-informed and unprepared victims. Threat actors had been caught targeting on-premises Microsoft Exchange servers via ProxyShell vulnerabilities. These vulnerabilities have been dubbed, “worse than ProxyLogon”. Patches for these vulnerabilities were made available in April & May, but many servers were still vulnerable. 

Read More: