You are here

Cuba Ransomware Group Joins Play Ransomware in Utilizing OWASSRF Vulnerability

Cuba Ransomware Group Joins Play Ransomware in Utilizing OWASSRF Vulnerability

Created: Tuesday, January 17, 2023 - 13:46
Categories:
Cybersecurity

Cyware has posted an alert detailing Microsoft sharing that the Cuba ransomware threat group has been observed targeting vulnerable Exchange servers using a zero-day exploit titled OWASSRF, or Outlook Web Access Server-Side Request Forgery. This is an escalation in criminal actors utilizing this exploit, as previously only the Play ransomware group had incorporated it into their malware. While Microsoft released a security update to address OWASSRF in November 2022, there are still many Exchange servers that remain unpatched. This will result in a growing vulnerability for organizations as experts predict more ransomware groups will begin adding OWASSRF to the tools they use to exploit the networks of potential targets. Read more at Cyware.