The operators of Lemon_Duck, a cryptomining botnet targeting enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in their attacks.
Lemon_Duck's ongoing campaign targeting vulnerable Exchange servers has reached a very large scale, with attackers deploying XMRig Monero CPU coinminers on infected devices to mine cryptocurrency for the botnet's owners.
The hackers are using web shells to download malicious payloads from p.estonine[.]com and cdn.chatcdn[.]net.