The operators of Lemon_Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers. The attackers are using web shells deployed on compromised servers to download malicious payloads from pestonine[.]com and cdn.chatcdn[.]net. The malware is known for installing XMRig Monero (XMR) CPU coinminers on infected devices to mine cryptocurrency for the botnet’s owners. Its operators also employed large-scale COVID-19-themed spam campaigns for propagation in the past.
Source: https://www.bleepingcomputer.com/news/security/microsoft-exchange-exploits-now-used-by-cryptomining-malware/