{"id":140580,"date":"2022-06-14T10:24:24","date_gmt":"2022-06-14T15:24:24","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/06\/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware"},"modified":"2022-06-14T10:24:24","modified_gmt":"2022-06-14T15:24:24","slug":"microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/06\/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware","title":{"rendered":"Microsoft: Exchange servers hacked to deploy BlackCat ransomware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware2.jpg\"><\/a><\/p>\n<p>Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.<\/p>\n<p>In at least one incident that Microsoft\u2019s security experts observed, the attackers slowly moved through the victim\u2019s network, stealing credentials and exfiltrating information to be used for double extortion.<\/p>\n<p>Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. In at least one incident that Microsoft\u2019s security experts observed, the attackers slowly moved through the victim\u2019s network, stealing credentials and exfiltrating information to be used for double extortion. Two weeks after the initial compromise using an unpatched Exchange [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-140580","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/140580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=140580"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/140580\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=140580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=140580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=140580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}