2022-02-22

Financial Fraud with Exchange Vulnerabilities


Industry: N/A | Level: Tactical | Source: Sophos

The malware loader Squirrelwaffle emerged in September 2021 and continues to spread by exploiting the Microsoft Exchange ProxyLogon and ProxyShell vulnerabilities. Sophos observed hijacked emails being used to advance the spread of Squirrelwaffle, and its investigations also identified attackers committing financial fraud using information obtained from the hijacked emails. The hijacked emails contained information about customer payments. The attackers created a “typo-squatted” domain and sent fraudulent replies to an email thread, requesting assistance in a manner that would provide them access to the victim's payments.

  • Anvilogic Use Case: Potential ProxyShell
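
A thread-aware check for the typo-squatted replies described above, as an added example that is not from Sophos or Anvilogic: it treats the domains in the first message of a thread as known and flags any later sender whose domain is within a small edit distance of one of them. The function names, the `max_dist` threshold and the sample thread are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def edit_distance(a, b):
    """Optimal-string-alignment distance: an adjacent swap counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def domains(msg, headers):
    """Lower-cased domains of every address found in the given headers."""
    pairs = getaddresses([v for h in headers for v in msg.get_all(h, [])])
    return [addr.rpartition("@")[2].lower() for _, addr in pairs if "@" in addr]

def flag_lookalikes(thread, max_dist=2):
    """Return (message index, sender domain, domain it imitates) for each reply
    whose sender domain is near, but not equal to, a domain already in the thread."""
    msgs = [message_from_string(raw) for raw in thread]
    known = list(dict.fromkeys(domains(msgs[0], ("From", "To", "Cc"))))
    hits = []
    for i, msg in enumerate(msgs[1:], start=1):
        for dom in domains(msg, ("From",)):
            if dom in known:
                continue
            close = min(known, key=lambda k: edit_distance(dom, k), default=None)
            if close is not None and edit_distance(dom, close) <= max_dist:
                hits.append((i, dom, close))   # lookalike: never added to known
            else:
                known.append(dom)              # unrelated new participant
    return hits

# Constructed sample thread (reserved .example names, not from the Sophos report).
SAMPLE_THREAD = [
    "From: Billing <billing@northwind-supply.example>\nTo: ap@contoso-retail.example\nSubject: Invoice 1041\n\nInvoice attached.",
    "From: AP <ap@contoso-retail.example>\nTo: billing@northwind-supply.example\nSubject: RE: Invoice 1041\n\nScheduled for payment.",
    "From: Billing <billing@northwind-suppiy.example>\nTo: ap@contoso-retail.example\nSubject: RE: Invoice 1041\n\nPlease confirm our updated details.",
]

if __name__ == "__main__":
    for idx, dom, imitates in flag_lookalikes(SAMPLE_THREAD):
        print(f"message {idx}: sender domain {dom} resembles {imitates}")
```

Very short domains sit within a small edit distance of many unrelated names, so in practice the threshold is best scaled to domain length or paired with an allowlist of established partners.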
