Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

According to a report from cybersecurity researchers at Sophos, hackers are looking for vulnerable, unpatched Microsoft Exchange servers and installing cryptocurrency mining malware on them.

The investigation further reveals that this newly discovered campaign is designed to stealthily use the compromised systems’ processing power to make profits.


It is worth noting that Microsoft released critical security updates for zero-day vulnerabilities identified in Exchange Server last month. However, systems that have not been updated are still vulnerable.

On the other hand, the DoJ has granted the FBI full permission to access every vulnerable system in the United States to clean and remove malicious web shells installed by threat actors after exploiting MS Exchange server vulnerabilities.

Cryptojacking – A Serious Threat

Research reveals that numerous hacker groups, from nation-state-backed hackers to ransomware operators, are trying to benefit from yet unpatched Exchange servers.

However, Sophos’ researchers state that cybercriminals taking advantage of MS Exchange Server ProxyLogon exploit to install Monero crypto-miner pose a bigger threat. That’s because cryptojacking can be highly successful on server hardware and delivers better performance than on a desktop or laptop. 

“The vulnerability permits the attackers to simply scan the whole internet for available, vulnerable machines, and then roll them into the network, it’s basically free money rolling in for the attackers,” principal threat researcher at Sophos, Andrew Brandt, wrote in a unpatched exchange servers cryptojacking malware