Happy Tuesday, folks! This week we’ll bite the bullet and finally have to discuss Russia vs. Ukraine, as some new things have like, come to light, man. But first...I refuse to be denied the opportunity to type “squirrelwaffle” on the internet, so let’s start there:
Financial fraud is [almost] never a laughing matter, and leaving servers unpatched for years is even worse, and this story has both. “Squirrelwaffle” is basically just a malicious document (“MalDoc”) that gets downloaded and runs a script that just downloads payloads in a loop. From the article, “The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking.” IF ONLY THERE WERE SOME WAY TO AUTOMATE PATCHING.
Welp...here it comes. From the article: “Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine,” said Ukraine's State Service for Special Communication and Information Protection.