The ransomware gang known as “Cuba” is increasingly turning to using Microsoft Exchange risks – including ProxyShell and ProxyLogon – as vectors for initial infections, researchers have found.
The group may have started attacking the victims last August, Mandiant reported on Wednesday.
Mandiant, who follows a threatening character like UNC2596, noted that the group is using COLDDRAW ransomware.
Read More: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
