Microsoft Exchange servers hacked to deploy Hive ransomware

Trooper

A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.

From there, the threat actors perform network reconnaissance, steal admin account credentials, exfiltrate valuable data, and ultimately deploy the file-encrypting payload.

The details come from security and analytics company Varonis, which was called in to investigate a ransomware attack on one of its customers.
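The ProxyShell chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, patched by Microsoft in 2021) abuses the Exchange Autodiscover endpoint to reach back-end services such as PowerShell remoting and MAPI/NSPI, so the first thing a defender checks on a server like the one in this report is the IIS logs for that path-confusion pattern. The script below is an added example, not part of the article or the Varonis report: it parses IIS W3C log lines and flags Autodiscover JSON requests whose query string carries an `@` and a back-end path. The log lines are constructed, and the field names follow the default IIS W3C layout (`cs-uri-stem`, `cs-uri-query`, `c-ip`, ...); adjust `SUSPICIOUS_BACKENDS` and the field names if your servers log a different set.

```python
"""Flag ProxyShell-style Autodiscover abuse in IIS W3C logs.

Added example; not code from the article or from Varonis. The sample log
below is constructed and uses the default IIS W3C field layout.
"""
from urllib.parse import unquote

# Constructed sample IIS log excerpt. Two entries mimic the ProxyShell
# path-confusion request, the others are ordinary OWA/Autodiscover traffic.
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-04-10 09:12:31 10.0.0.5 GET /owa/ - 443 - 203.0.113.9 Mozilla/5.0 200
2022-04-10 09:12:40 10.0.0.5 POST /autodiscover/autodiscover.json @test.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3f@test.example 443 - 198.51.100.7 python-requests/2.25 200
2022-04-10 09:12:42 10.0.0.5 POST /autodiscover/autodiscover.json @test.example/powershell/?X-Rps-CAT=VgAAAAE 443 - 198.51.100.7 python-requests/2.25 200
2022-04-10 09:13:02 10.0.0.5 GET /autodiscover/autodiscover.xml - 443 CORP\\alice 10.0.0.21 Microsoft-Outlook 200
"""

# Back-end paths an attacker reaches through the Autodiscover path confusion.
# Assumption: this list covers the paths seen in public ProxyShell tooling;
# extend it for your environment.
SUSPICIOUS_BACKENDS = ("/powershell", "/mapi/nspi", "/ews")


def parse_iis_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#") or fields is None:
            continue
        parts = raw.split()
        if len(parts) != len(fields):
            continue  # malformed line; skip rather than misalign columns
        yield dict(zip(fields, parts))


def proxyshell_indicators(text):
    """Return the entries that look like ProxyShell Autodiscover abuse.

    A hit needs all three: the autodiscover.json stem, an '@' in the
    (URL-decoded) query, and one of the back-end paths in that query.
    """
    findings = []
    for entry in parse_iis_w3c(text):
        stem = entry.get("cs-uri-stem", "").lower()
        query = unquote(entry.get("cs-uri-query", "")).lower()
        if "autodiscover.json" not in stem or "@" not in query:
            continue
        backend = next((b for b in SUSPICIOUS_BACKENDS if b in query), None)
        if backend is None:
            continue
        findings.append({
            "time": entry["date"] + " " + entry["time"],
            "src": entry["c-ip"],
            "user": entry["cs-username"],
            "backend": backend,
            "query": entry["cs-uri-query"],
        })
    return findings


if __name__ == "__main__":
    for hit in proxyshell_indicators(SAMPLE_IIS_LOG):
        print(f"{hit['time']} {hit['src']} -> {hit['backend']}  {hit['query']}")
```

Run it against the real `u_ex*.log` files under `inetpub\logs\LogFiles` on each Exchange front end; a single hit from an external address with an unauthenticated `cs-username` of `-` is worth an incident ticket on its own, because ordinary Outlook Autodiscover requests never place an `@` followed by a back-end path in the query string. Finding nothing here does not clear the host: it only covers the initial access step, not the Cobalt Strike beacon, credential theft or exfiltration that the report describes afterwards.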