Cybercrime group behind Lemon Duck has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. Lemon Duck targets victims computer resources to mine the Monero virtual currency, with self-propagating capabilities and a modular framework that allows it to infect additional systems that become part of the botnet. The group has at least 12 different initial-infection vectors more than most malware, with Proxylogon exploits only the latest addition. In the latest rash of attacks, which began in April, the group has changed up its geographic targets.
Source: https://threatpost.com/lemon-duck-cryptojacking-botnet-tactics/165986/