Venture Beat, April 25, 2022
The Hive threat group has been targeting organizations across the finance, energy and healthcare sectors as part of coordinated ransomware attacks since June 2021.
During the attacks, the group exploits ProxyShell vulnerabilities in MSFT Exchange servers to remotely execute arbitrary commands and encrypt the data of companies with this unique ransomware strain.