Positive Technologies detects a series of attacks via Microsoft Exchange Server


While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.

This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.

Read more…
Source: Positive Technologies


Sign up for our Newsletter


Related:

  • UK MoD secrets exposed in dozens of cyber security breaches

    October 15, 2018

    Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK’s defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in ...

  • Gallmaker: New Attack Group Eschews Malware to Live off the Land

    October 10, 2018

    A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign. Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies of an Eastern European country, and military and defense targets in the Middle East. This group ...

  • Saudi Dissident Spyware Attack Belies Bigger Threat

    October 5, 2018

    This week, news broke that a well-known Saudi dissident has been targeted by the notorious Pegasus spyware – after he gained permanent citizen status in Canada. While this fits into pattern of ongoing attacks on “civil society” members (i.e., journalists, social justice activists, dissidents and human rights organizations), the larger pool of threats against this ...

  • UK pins ‘reckless campaign of cyber attacks’ on Russian military intelligence

    October 4, 2018

    The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government’s National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake of long-standing concerns that Russia ...

  • US to offer cyberwar capabilities to NATO allies

    October 4, 2018

    Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official. The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers ...

  • Turla APT Changes Shape with New Code and Targets

    October 4, 2018

    The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for an APT best-known for deploying a complex rootkit called Snake, traditionally focused on ...