Menu

Blog

Jun 14, 2022

Microsoft: Exchange servers hacked to deploy BlackCat ransomware

Posted by in category: cybercrime/malcode

Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.

In at least one incident that Microsoft’s security experts observed, the attackers slowly moved through the victim’s network, stealing credentials and exfiltrating information to be used for double extortion.

Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.

Leave a reply