Julian-Ferdinand VögeleWrite up by Huntress that observed a significant increase in malicious PowerShell executions delivering a ConnectWise Control (ScreenConnect) payload on unpatched Exchange hosts using the exploit chain consisting of CVE-2022-41080 and CVE-2022-41082 (dubbed #OWASSRF by Crowdstrike, as it involves an Outlook Web Access SSRF) (including #IOCs and possible detections): https://www.huntress.com/blog/owassrf-explained-analyzing-the-microsoft-exchange-rce-vulnerability?hs_amp=true