APT28 has been scanning vulnerable email servers for more than a year Scans have been observed against webmail and Microsoft Exchange Autodiscover servers March 20, 2020 https://www.zdnet.com/article/apt28...ulnerable-email-servers-for-more-than-a-year/ Trend Micro: "Pawn Storm in 2019 - A Year of Scanning and Credential Phishing on High-Profile Targets" (PDF - 710 KB): https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf
Probing Pawn Storm Cyberespionage Campaign Through Scanning, Credential Phishing and More https://www.trendmicro.com/vinfo/in...through-scanning-credential-phishing-and-more