Follow
#ProxyNotShell in Exchange Server fingered in UK Electoral Commission hack.
TechCrunch found Electoral Commission were using on prem Exchange.
I had a look via @shodan history feature - their Exchange Server, with OWA enabled, was online until later in 2022 (when the incident began) - and didn't have ProxyNotShell patches installed, as Microsoft hadn't released them.
The mitigations MS released were bypassable, as seen in the Rackspace Hosted Exchange hack.
https://techcrunch.com/2023/08/09/parsing-uk-electoral-commission-cyberattack/