Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Cybercriminals are leveraging zero-day vulnerabilities in Microsoft Exchange servers, dropping cryptocurrency mining malware as part of a campaign that secretly steals the processing power of compromised systems. The campaign is financially motivated and is currently ongoing, according to advisories published by several US agencies, including warnings from the FBI, NSA, and CISA. Cyber attackers from different nation state-linked hacking groups and ransomware gangs are taking advantage of servers that have gone unpatched.
At Sophos, cybersecurity researchers have found that attackers are attempting to take advantage of the ProxyLogon zero-day to install a Monero crypto miner on Exchange servers. According to Sophos, server hardware is desirable for cryptojacking because it offers higher performance than a desktop or laptop. Although Monero isn't as lucrative as Bitcoin, it's easier to mine, harder to detect on a victim's network, and preserves more anonymity.