Sophos researchers discovered that the threat actors are using Exchange servers compromised using the highly publicized exploit chain—which suffered a barrage of attacks from advanced persistent threat (APT) groups to infect systems.