Cybereason warns that threat actors have started to exploit a recently patched critical vulnerability that still affects over 3.5 million Exim email servers around the globe. The researchers have spotted two campaigns.
In the first, threat actors were using a command and control (C2) server to target vulnerable devices with simple exploits. The second campaign is more advanced: it involves various types of malware payloads designed to establish persistence on compromised servers and to distribute malware to other vulnerable machines. The worm-like capability of the malware, which enables it to spread itself across the Internet, is especially worrisome.
Cybereason is urging system administrators to install patches on vulnerable Exim servers as soon as possible, and to remove any malware that may have already made its way onto their machines.
Read more: Millions of Email Servers at Risk from Cryptomining Worm