Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing threads, researchers say. Trend Micro researchers say that hijacking email replies is a good way to slip past both peoples spam suspicions and to avoid getting flagged or quarantined by email gateways. Researchers first got wind of the SquirrelWaffle campaigns beginning in mid-September, when they saw boobytrapped Microsoft Office documents delivering Qakbot malware and penetration-testing tool Cobalt Strike.”]
Source: https://threatpost.com/attackers-hijack-email-threads-proxylogon-proxyshell/176496/