While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.
This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.
Read more…
Source: Positive Technologies
Related:
- Global Russian hacking campaign steals data from government agencies
May 16, 2025
For years now, Russian state-sponsored threat actors have been eavesdropping on email communications from governments across Eastern Europe, Africa, and Latin America. A new report from cybersecurity researchers ESET has found that the crooks were abusing multiple zero-day and n-day vulnerabilities in webmail servers to steal the emails. ESET named the campaign “RoundPress”, and says that ...
- Marbled Dust leverages zero-day in Output Messenger for regional espionage
May 12, 2025
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft Threat ...
- Turkish intel busts cyber espionage ring stealing personal data
May 10, 2025
Türkiye’s National Intelligence Organization (MIT) has dismantled a cyber espionage network that sought to steal personal and financial data from citizens by imitating corporate identities through fake cell towers, security sources said Saturday. After months of investigations and surveillance, seven foreign nationals were caught red-handed in a joint operation with Istanbul police and prosecutors, sources said, ...
- Israeli spyware firm NSO to pay Meta $168m. in damages for hijacking WhatsApp servers
May 7, 2025
A federal jury in California handed Israel’s NSO Group a $168 million penalty on Tuesday for hijacking the servers of WhatsApp in order to hack users of the Meta-owned chat platform on behalf of foreign spy agencies. The case caps a six-year battle between the American social media giant and the surveillance firm. It has also ...
- Apple notifies new victims of spyware attacks across the world
April 30, 2025
Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google ...
- Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
April 25, 2025
Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques. This campaign poses a high business risk due to targeted espionage, ...