The noteworthy aspect of this phishing campaign is that the emails were sent as replies to previously sent messages, due to which these appeared legit.
According to the IT security researchers at Certitude, a Vienna-based consulting firm specializing in communication technology risks and information management, threat actors are exploiting unpatched Microsoft Exchange Servers to send phishing emails to unsuspected customers.
This is yet another campaign in which unpatched Exchange Servers are being abused for malicious purposes. In August 2021, attackers were found targeting unpatched Exchange servers with ProxyShell attack – In September 2021, again, Conti ransomware affiliates were attacking unpatched Exchange Servers with ProxyShell exploits.
In a blog post, Peter Wagner of Certitude disclosed that disclosed in early November 2021, the company received information about phishing emails sent to one of its customers’ email account containing suspicious URLs.
These emails were sent as replies to previously sent messages, due to which these appeared legit. The email headers indicated that these originated from the customers’ Exchange rather than being spoofed from external sources.
Further probe revealed that the on-premise