From bleepingcomputer.com
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.
In at least one incident that Microsoft’s security experts observed, the attackers slowly moved through the victim’s network, stealing credentials and exfiltrating information to be used for double extortion.
Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.