Cuba Ransomware Discovered to Abuse OWASSRF Flaw
Category: Vulnerability | Industry: Global | Level: Tactical | Source: BleepingComputer
Microsoft warns that the Cuba ransomware gang has added the OWASSRF exploit to its attack arsenal. BleepingComputer shared this advisory from a Microsoft 365 Defender threat analytics report. The OWASSRF exploit uses CVE-2022-41080 to elevate privileges on vulnerable Microsoft Exchange servers, bypassing ProxyNotShell URL rewrite mitigations. The compromise of Rackspace's Hosted Exchange environment in December 2022 by the Play ransomware group was recently attributed to this exploit.
Anvilogic Use Cases:
- ReverseShell Upgrade From WebShell
- POST request PowerShell
- IIS Worker (W3WP) Spawn Command Line
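
The last use case listed above, sketched as an added example (not Anvilogic's detection logic and not code from the advisory): it flags process-creation events in which the IIS worker `w3wp.exe` launches a command interpreter or script host. The events are constructed and use Sysmon Event ID 1 field names; the watch list and the function names are assumptions to tune per environment.

```python
import ntpath
import re

# Assumed watch list: interpreters and script hosts a web worker rarely needs to start.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "cscript.exe", "wscript.exe"}

W3WP = r"C:\Windows\System32\inetsrv\w3wp.exe"
# Constructed process-creation events (Sysmon Event ID 1 field names), not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "EXCH01", "ParentImage": W3WP,
     "ParentCommandLine": W3WP + ' -ap "MSExchangeOWAAppPool" -v "v4.0"',
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"Computer": "EXCH01", "ParentImage": W3WP.upper(),
     "ParentCommandLine": W3WP + ' -ap "MSExchangePowerShellAppPool"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Date"},
    {"Computer": "EXCH01", "ParentImage": W3WP,
     "ParentCommandLine": W3WP + ' -ap "MSExchangeOWAAppPool"',
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig @app.cmdline"},   # ASP.NET compile, not flagged
    {"Computer": "WKSTN07", "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path; empty string if the field is missing."""
    return ntpath.basename(path or "").lower()

def app_pool(parent_cmdline):
    """IIS application pool from w3wp's -ap argument, or None when absent."""
    m = re.search(r'-ap\s+"([^"]+)"', parent_cmdline or "", re.IGNORECASE)
    return m.group(1) if m else None

def detect_w3wp_spawn(events):
    """Return one alert per event where w3wp.exe starts a watched child process."""
    alerts = []
    for ev in events:
        child = exe_name(ev.get("Image"))
        if exe_name(ev.get("ParentImage")) == "w3wp.exe" and child in SUSPICIOUS_CHILDREN:
            alerts.append({"host": ev.get("Computer"), "child": child,
                           "app_pool": app_pool(ev.get("ParentCommandLine")),
                           "command_line": ev.get("CommandLine")})
    return alerts

if __name__ == "__main__":
    for alert in detect_w3wp_spawn(SAMPLE_EVENTS):
        print(alert)
```

Including the application pool in the alert lets an analyst see at a glance whether the spawning worker belongs to an Exchange front end such as OWA.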