Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell.
https://threatpost.com/squirrelwaffle-fraud-exchange-server-malspamming/178434/