From news.sophos.com
In the weeks since Microsoft released details about a serious vulnerability affecting their Exchange mail server software, a range of threat actors have been targeting exploitable servers with a variety of malware, from webshells to ransomware. But those aren’t the only payloads we’ve seen directed at Exchange servers: An unknown attacker has been attempting to leverage what’s now known as the ProxyLogon exploit to foist a malicious Monero cryptominer onto Exchange servers, with the payload being hosted on a compromised Exchange server.