Positive Technologies detects a series of attacks via Microsoft Exchange Server


While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.

This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.

Read more…
Source: Positive Technologies


Sign up for our Newsletter


Related:

  • 500K Italian Public Administration Email Accounts Compromised By Targeted Attack

    November 21, 2018

    500,000 certified Italian public administration emails were compromised by hackers who specifically targeted the Italian Comitato Interministeriale per la Sicurezza della Repubblica (CISR) as reported by Difesa e Sicurezza. Although CISR was the primary target, the hackers also compromised certified emails related to other Italian public administration agencies according to Roberto Baldoni, the Deputy Director of the ...

  • APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign

    November 20, 2018

    The group is best-known for hacking the DNC ahead of the 2016 presidential election. A phishing campaign bent on espionage, believed to be launched by the nation-state threat group known as APT29, is targeting high-value targets across the think-tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government and defense contracting sectors. It’s the first large-scale ...

  • The White Company: Inside the Operation Shaheen Espionage Campaign

    November 12, 2018

    In a new collection of extensive research reports, the Cylance Threat Intelligence Team profiles a new, likely state-sponsored threat actor called The White Company – in acknowledgement of the many elaborate measures they take to whitewash all signs of their activity and evade attribution. The report details one of the group’s recent campaigns, a year-long espionage ...

  • Kaspersky says it detected infections with DarkPulsar, alleged NSA malware

    October 19, 2018

    Kaspersky Lab said today that it detected computers infected with DarkPulsar, a malware implant that has been allegedly developed by the US National Security Agency (NSA). “We found around 50 victims, but believe that the figure was much higher,” Kaspersky Lab researchers said today. “All victims were located in Russia, Iran, and Egypt, and typically Windows 2003/2008 ...

  • Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew

    October 18, 2018

    A fresh wave of cyberattacks striking the US, South Korea, and Canada has been connected to an APT group with ties to the Chinese military. On Thursday, cybersecurity researchers from McAfee’s Advanced Threat Research team said they have discovered a new campaign which focuses on cyberespionage and data reconnaissance. South Korea appears to be the primary target of the ...

  • UK National Cyber Security Centre Reveals Scale Of Cyber Attacks

    October 16, 2018

    Two year since its launch, NCSC helped the UK against almost 1,200 cyber attacks, most carried out by hostile nation states The UK’s National Cyber Security Centre (NCSC) has revealed that it helps the country fend off at least ten cyber attacks a week, most of which come from state-sponsored hackers employed by hostile nation states. This ...