Users are automatically created in Exchange Server 2019 and send spamming emails to other domains

Dear Experts, we have recently migrated an on-premise Exchange server from Exchange Server 2013 to on-premise Exchange Server 2019, and it has run for almost 20 days without any issues.

Suddenly, unknown users are being created in the Exchange server and sending emails to other countries, and sometimes the users pick the email from the domain user and send out emails to other countries.

[Screenshot: Satya2082_1-1673870158779.png]

In the above screenshot, the user is not in the domain, but still many users have been created and have sent emails to other domains/countries.

I am in crisis because of this issue and am being blacklisted for all the domains in just 1 day.

1 Reply
Hi,
It seems that your server/s have been compromised. The 1st step will be server isolation and investigation/remediation (I guess you already did it, as per the post date).
In these articles (even if they're talking about other vulnerabilities), you'll find detailed information about how to investigate and remediate compromised Exchange servers:

https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-...

https://www.stellarinfo.com/blog/recover-microsoft-exchange-server-after-hafnium-attack/