Attackers Target ProxyLogon Exploit to Install Cryptojacker

Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
Source: Threadpost