Ransomware Gang ‘Cuba’ Exploiting Microsoft Exchange Bugs

24
Ransomware Gang ‘Cuba’ Exploiting Microsoft Exchange Bugs-01

The ransomware gang known as “Cuba” is increasingly turning to using Microsoft Exchange risks – including ProxyShell and ProxyLogon – as vectors for initial infections, researchers have found.

The group may have started attacking the victims last August, Mandiant reported on Wednesday.

Mandiant, who follows a threatening character like UNC2596, noted that the group is using COLDDRAW ransomware.

Read More: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/