What you need to know
- The Lemon Duck cryptocurrency mining botnet is being used to target unpatched Microsoft Exchange servers.
- Lemon Duck steals computer resources to mine for the Monero cryptocurrency.
- 92% of worldwide Exchange IPs were patched or mitigated as of March 25, according to Microsoft.
Unpatched Microsoft Exchange servers continue to be targeted by malicious groups. A post by Cisco Talos explains that a cryptocurrency botnet called Lemon Duck is being used by operators to target vulnerable Microsoft Exchange servers (via ZDNet). The botnet's goal is to install a payload onto devices that can then be used to steal computer processing power to mine the Monero cryptocurrency.
Microsoft took several steps to address the effects of the Exchange server vulnerabilities. The company rolled out mitigation tools and updated Microsoft Defender Antivirus to address the issues. As of a March 25 security report from Microsoft (opens in new tab), 92% of known worldwide Exchange IPs are patched or mitigated. Despite these efforts, there are still a large number of unpatched devices.
Talos explains why it has "medium confidence" that these recent events are related to Microsoft Exchange server vulnerabilities:
Lemon Duck also utilizes Cobalt Strike, which is a software platform used by security penetration testers and as well as malicious actors. Using Cobalt Strike represents an evolution for Lemon Duck, according to Talos. The researchers state that using Cobalt Strike shows that the people behind Lemon Duck "continue to refine their approach to the attack lifecycle over time as they identify opportunities to increase their efficiency as well as the effectiveness of their attacks."
Windows Central Newsletter
Get the best of Windows Central in in your inbox, every day!
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org (opens in new tab).
Crypto mining sure is rounding up some unpleasant characters.
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.