Microsoft Exchange servers hacked to deploy Hive ransomware


Level 15
Thread author
Top poster
Aug 28, 2015
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.

From there, the threat actors perform network reconnaissance, steal admin account credentials, exfiltrate valuable data, ultimately deploying the file-encrypting payload.

The details come from security and analytics company Varonis, who was called in to investigate a ransomware attack on one of its customers.