Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities

Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities

A recent Babuk ransomware campaign has targeted ProxyShell vulnerabilities in Microsoft Exchange Server, according to security analysts at Cisco Talos. The researchers saw signs that the attackers were using the China Chopper web shell to compromise, and then used that Babuk post.

Followed as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, problems were handled in April and May, technical details were made public in August. An unauthorized intruder can bind bugs to extract code incorrectly. Attacks that exploit security errors have been rampant for the past few months, and Cisco researchers say the Tortilla threatening character, who has been operating since July 2021, has begun identifying Exchange Server flaws.

The leaked infection chain includes a central extraction module downloaded from pastebin.pl (pastebin.com clone) and recorded in memory before the final payment is issued and used.

Read More: securityweek