With all the panic over recent OWA exploits, we decided we would put out a post describing what we are seeing from our data and what we have observed in the past couple of months. Exploits are now flying all over the place, and reporting shows that 10 different threat actors (the number is actually over 36, see below) are highly active in exploiting mail servers.
Today we started seeing 77[.]123[.]155[.]74, which is well known to us. Keep your eyes and ears open and look for unauthorized traffic to your OWA instances.
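
One way to run that check against the IIS W3C logs of an OWA server, as an added example that is not from the original post. Only the address comes from the post; the log layout, the `/owa` and `/ecp` path prefixes and every sample log line are assumptions or constructed for illustration.

```python
"""Added example: find requests from a known-bad address in IIS W3C logs."""
INDICATORS = ["77[.]123[.]155[.]74"]  # defanged address quoted in the post

# Constructed sample log, not real traffic; other clients use documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2000-01-01 08:01:12 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 192.0.2.10 Mozilla/5.0 200
2000-01-01 08:02:40 10.0.0.5 POST /owa/auth.owa - 443 - 77.123.155.74 ExampleAgent/1.0 302
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-01-01 09:15:03 77.123.155.74 GET /ecp/ 401
2000-01-01 09:15:09 198.51.100.7 GET /owa/ 200
2000-01-01 09:16:00 77.123.155.74 GET /favicon.ico 404
"""

def refang(indicator):
    """Turn a defanged address such as 1[.]2[.]3[.]4 back into 1.2.3.4."""
    return indicator.replace("[.]", ".").strip()

def find_hits(lines, indicators, owa_prefixes=("/owa", "/ecp")):
    """Return one dict per logged request whose client IP matches an indicator."""
    wanted = {refang(i) for i in indicators}
    fields, hits = [], []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header can reappear with other columns
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("c-ip") in wanted:
            uri = row.get("cs-uri-stem", "")
            hits.append({
                "line": lineno,
                "time": f'{row.get("date", "")} {row.get("time", "")}'.strip(),
                "ip": row["c-ip"],
                "method": row.get("cs-method", ""),
                "uri": uri,
                "status": row.get("sc-status", ""),
                "owa": uri.lower().startswith(owa_prefixes),  # OWA/ECP path?
            })
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG.splitlines(), INDICATORS):
        print(hit)
```

If OWA sits behind a reverse proxy or load balancer, `c-ip` holds the proxy's address, so the original client address has to be logged in a separate column and matched there instead.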