An unknown threat actor is utilizing known Microsoft Exchange Server vulnerabilities to deploy a keylogger malware in targeted attacks across Africa and the Middle East, affecting government agencies, banks, IT companies, and educational institutions. These attacks, identified by Positive Technologies, have been ongoing since 2021 and involve the exploitation of ProxyShell flaws, leading to unauthorized remote code execution. While the attackers remain unidentified, organizations are advised to update their Exchange Servers, check for compromise signs, and delete the file storing stolen account data if compromised
https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html