"LockBit Affiliates Compromise Microsoft Exchange Servers to Deploy Ransomware"
According to the South Korean cybersecurity firm AhnLab, LockBit ransomware affiliates are distributing their malware through compromised Microsoft Exchange servers. LockBit 3.0 ransomware infected two servers operated by the security firm's customer in July 2022. The threat actors first deployed a web shell on a compromised Exchange server, then took only seven days to escalate privileges to Active Directory admin and steal approximately 1.3 TB of data before encrypting network-hosted systems. The attackers allegedly exploited a zero-day vulnerability in Microsoft Exchange Server, according to the researchers. This article continues to discuss LockBit ransomware affiliates compromising Microsoft Exchange servers to deploy their ransomware.