Symantec：2025年勒索软件威胁态势白皮书：韧性且持续（英文版）

By the time Qakbot departed the scene, attackers had already discovered a new infection vector: exploitation of recently patched vulnerabilities in Internet-facing applications. The catalyst for the sudden shift was likely the discovery of a series of vulnerabilities in Microsoft Exchange Server between 2021 and 2022. The next logical step for attackers was to start identifying other suitable enterprise software and begin examining software updates, identifying potentially useful vulnerabilities