![]() ![]() Sending the messages from the organizations allow the attackers to bypass detection. Once compromised the Exchange servers, threat actors use the access to reply to the company’s internal emails in reply-chain attacks containing links to weaponized documents. ![]() ![]() The investigation into three incidents revealed that attackers used exploits for CVE-2021-26855 (ProxyLogon), CVE-2021-34473, and CVE-2021-34523 (ProxyShell). The attacks were orchestrated by Squirrelwaffle, a threat actor known for sending malicious spam as replies to existing email chains. The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick victims opening the malicious email used as the attack vector.
0 Comments
Leave a Reply. |