Cuba Ransomware Group Joins Play Ransomware in Utilizing OWASSRF Vulnerability

Cyware has posted an alert detailing Microsoft sharing that the Cuba ransomware threat group has been observed targeting vulnerable Exchange servers using a zero-day exploit titled OWASSRF, or Outlook Web Access Server-Side Request Forgery. This is an escalation in criminal actors utilizing this exploit, as previously only the Play ransomware group had incorporated it into their malware. While Microsoft released a security update to address OWASSRF in November 2022, there are still many Exchange servers that remain unpatched. This will result in a growing vulnerability for organizations as experts predict more ransomware groups will begin adding OWASSRF to the tools they use to exploit the networks of potential targets. Read more at Cyware.