New IceApple exploit toolset deployed on Microsoft Exchange servers

Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography.

IceApple is described as “highly sophisticated,” with its developer prioritizing a low profile in support of long-term objectives in targeted attacks.

The framework was discovered in late 2021 by the Falcon OverWatch team, CrowdStrike’s proactive threat hunting division, and it is under active development.

Source: Bleeping Computer