While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.
This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.
Read more…
Source: Positive Technologies
Related:
- APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security
September 3, 2018
n advanced threat actor has been associated with China’s Ministry of State Security via two individuals and a Chinese firm. Researchers claim that APT10, a likely China-based threat actor, is believed directly connected to the Chinese Ministry of State Security’s (MSS) Tianjin bureau. The allegations come from CrowdStrike which released a report Friday that claims it has found firm ...
- Botched CIA Communications System Helped Blow Cover of Chinese Agents
August 15, 2018
It was considered one of the CIA’s worst failures in decades: Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency’s network of agents across the country, executing dozens of suspected U.S. spies. But since then, a question has loomed over the entire debacle. How were the Chinese able to roll up ...
- A First Look at the North Korean Malware Family Tree
August 9, 2018
Security researchers have analyzed malware samples from threat actors associated with North Korea and discovered connections with tools from older unattributed campaigns. The research is spread over several months and connects a diverse range of operations from cyberespionage to financially-motivated campaigns. The campaigns analyzed by the researchers and a timeline of their release can be shown below. Read more: Source: ...
- NSO Spyware Targets Saudi Human Rights Activists and Researchers
July 31, 2018
Amnesty International, one of the most prominent non-profit human rights organizations in the world, claims one of its staff members has been targeted by a sophisticated surveillance toolmade by Israel’s NSO Group. The NSO Group is an Israeli firm that’s mostly known for selling high-tech spyware and surveillance malware capable of remotely cracking into Apple’s iPhones and Google’s Android devices to intelligence ...
- Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions
July 25, 2018
Active attack group is eager to make use of available tools, research, and the work of other threat actors. Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. The group tends ...
- Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users
July 13, 2018
Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and ...

