A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.
From there, the threat actors perform network reconnaissance, steal admin account credentials, exfiltrate valuable data, and ultimately deploy the file-encrypting payload.
The details come from security and analytics company Varonis, which was called in to investigate a ransomware attack on one of its customers.