A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers.
After infiltrating the mail server via a phishing email containing an archived malicious executable, the threat actors deployed a web shell named ExchangeLeech (first observed by the Digital14 Incident Response team in 2020) that can steal user credentials.
Read more…
Source: Bleeping Computer