Threat actors are hacking Microsoft Exchange servers. This is made possible by the use of ProxyShell and ProxyLogon exploits. This is used to spread malware and bypass detection by using stolen internal response chain e-mails.
TrendMicro researchers reveal how attackers distribute malicious emails through the compromised Microsoft Exchange server of the victim to the internal users of an organization.
The researchers explained that the attackers exploit Microsoft Exchange servers to then reply to in-house emails in response chain attacks that contain links embedded with malware documents.
This tactic is considered to be very effective as it comes from the same internal network, which indicates that it is very secure.
Once the link is clicked, malicious macros are executed to download and install the malware included in the attachment.
For more information, read the original story in Bleeping Computer.