Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
released on 2021-11-22 @ 02:56:36 PM
In September, Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is known for sending its malicious emails as replies to preexisting email chains, a tactic that lowers a victim’s guard against malicious activities. To be able to pull this off, TrendMicro believes it involved the use of a chain of both ProxyLogon and ProxyShell exploits.