Microsoft Exchange vulnerabilities exploited again with Babuk Ransomware

3-Nov-21

A malicious campaign targeting vulnerable Microsoft Exchange servers and attempting to exploit the ProxyShell vulnerability to deploy the Babuk ransomware in the victim’s environment was disconver on 12 October.

Infection typically starts with a downloader module on a victim’s server. The DLL downloader is run by the parent process w3w3wp.exe, which is the Exchange IIS worker process.

Read More…