At least 10 nation-state-backed groups are using the ProxyLogon exploit chain to compromise email servers, as compromises mount. Four flaws can be chained together to create a pre-authentication remote code execution (RCE) exploit. This gives attackers access to email communications and the opportunity to install a webshell for further exploitation within the environment. Microsoft said last week that the attacks were limited and targeted but that s certainly no longer the case. Other security companies have continued to say they have seen much broader, escalating activity.
Source: https://threatpost.com/microsoft-exchange-servers-apt-attack/164695/