Double attack via vulnerable Exchange servers
SophosLabs is investigating the use of the Squirrelwaffle malware "distribution station" in combination with social engineering. There was a double attack: malware droppers and financial fraud ran through the same vulnerable Exchange Server. An incident guide for security teams at organizations impacted by Squirrelwaffle. In a recent article, the Sophos Rapid Response Team describes a case where Squirrelwaffle malware exploited a vulnerable Exchange server to distribute malicious spam through hijacked email threads. At the same time, an email thread was stolen by the attackers in order to trick unsuspecting users into transferring money. Combination of Squirrelwaffle, ProxyLogon and ProxyShell The…