Microsoft Exchange Server vulnerabilities targeted to conduct financial fraud
By MYBRANDBOOK
On Tuesday, Sophos researchers revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against a set of critical vulnerabilities disclosed last year, was targeted to hijack email threads and spread malspam. The incident documented by Sophos also used the combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers to conduct financial fraud through email hijacking.
Squirrelwaffle is a malware loader first documented last year in malicious spam campaigns. The loader is often distributed through malicious Microsoft Office documents or DocuSign content attached to phishing emails. If an intended victim enables macros in the weaponized documents, Squirrelwaffle is then often used to pull and execute CobaltStrike beacons via a VBS script.
The advanced persistent threat (APT) group Hafnium was actively exploiting the bugs at the time they were disclosed, and other APTs quickly followed suit. While the ProxyLogon/ProxyShell vulnerabilities are now well-known, some servers are still unpatched and open to attacks.
Sophos says that in the recent campaign, the loader was deployed once the Microsoft Exchange Server had been compromised. The server, belonging to an unnamed organization, was used to "mass distribute" Squirrelwaffle to internal and external email addresses by hijacking existing email threads between employees.
The spam campaign was used to spread Squirrelwaffle, but in addition, attackers extracted an email thread and used the internal knowledge within to conduct financial fraud.
Customer data was taken and a victim organization was selected. The attackers registered a domain with a name very close to the victim's -- a technique known as typo-squatting -- and then created email accounts under this domain to reply to the email thread from outside the server.
"To add further legitimacy to the conversation, the attackers copied additional email addresses to give the impression that they were requesting support from an internal department," Sophos explained. "In fact, the additional addresses were also created by the attacker under the typo-squatted domain."
Over six days, the attackers tried to direct a legitimate financial transaction to a bank account they owned. The payment was on its way to being processed, and it was only due to a bank involved in the transaction realizing the transfer was likely fraudulent that the victim did not fall prey to the attack.
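The lookalike-domain reply pattern described above, as an added detection example that is not part of Sophos' report or this article; the organisation domain, the sample message and the edit-distance threshold are constructed assumptions:

```python
# Added example: flag replies to an existing thread whose From/Reply-To/Cc
# addresses use a domain that is a near-miss of the organisation's own domain,
# the typo-squatting pattern used in the incident. Not Sophos' code.
import email
from email import policy
from email.utils import getaddresses

ORG_DOMAIN = "example-victim.com"  # constructed placeholder for the real org domain

# Constructed sample: a reply into an existing thread from a lookalike domain
# ("exampie" vs "example"), with a second lookalike address copied in.
SAMPLE = b"""From: "Accounts" <accounts@exampie-victim.com>
To: finance@example-victim.com
Cc: support@exampie-victim.com, "Dan" <dan@example-victim.com>
In-Reply-To: <thread-1@example-victim.com>
Subject: RE: Invoice payment
Content-Type: text/plain

Please use the updated bank details below.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to measure how close a domain is to ORG_DOMAIN."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domains(raw_message: bytes, org_domain: str = ORG_DOMAIN, max_dist: int = 2):
    """Return (is_thread_reply, [addresses whose domain is a near-miss of org_domain])."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    addrs = getaddresses([msg.get(h, "") for h in ("From", "Reply-To", "Cc")])
    flagged = []
    for _, addr in addrs:
        if "@" not in addr:
            continue
        domain = addr.rsplit("@", 1)[1].lower()
        # Exact match is the real org; 1-2 edits away is a likely typo-squat.
        if domain != org_domain and 0 < edit_distance(domain, org_domain) <= max_dist:
            flagged.append(addr)
    return is_reply, flagged


def is_suspicious(raw_message: bytes) -> bool:
    """True when a thread reply carries at least one lookalike-domain address."""
    is_reply, flagged = lookalike_domains(raw_message)
    return is_reply and bool(flagged)
```

Run against mail-flow logs or a quarantine export, and treat a hit on a thread that discusses payments as a priority for manual verification of bank details out of band.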