Positive Technologies detects a series of attacks via Microsoft Exchange Server


While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.

This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.

Read more…
Source: Positive Technologies


Sign up for our Newsletter


Related:

  • InvisiMole Burrows into Targets with Rich Espionage Tools

    June 11, 2018

    Researchers are expressing concern over a versatile spyware called InvisiMole that has been spotted in highly targeted campaigns targeting Windows PCs in Russia and the Ukraine. The malicious code, which comes in 32-bit and 64-bit versions, has a modular architecture, with two different, feature-rich backdoors that have overlapping functionality. Read more… Source: ThreatPost  

  • China blamed for data theft from US Navy contractor

    June 11, 2018

    China is being blamed for a cyberattack on a US Navy contractor which has led to the theft of sensitive military information. As reported by The Washington Post, US officials have claimed that up to 614 Gigabytes of information was stolen, including signal and sensor data, as well as submarine radio information relating to cryptographic systems. Plans for ...

  • Targeted Spy Campaign Hits Russian Service Centers

    June 7, 2018

    A series of espionage attacks have been uncovered, targeted at service centers in Russia that provide maintenance and support for a variety of electronic goods. The payload is a commercial version of the Imminent Monitor tool, which is freely available for purchase as legitimate software. Its developers explicitly prohibit any usage of the tool in a malicious way ...

  • RedDawn Espionage Campaign Shows Mobile APTs on the Rise

    May 18, 2018

    A sophisticated and targeted mobile espionage campaign has been found targeting North Korean defectors. Mounted by a relatively new APT actor known as Sun Team, the offensive used Google Play and Facebook as attack vectors; and overall, it shows how quickly the mobile threat landscape is evolving as APTs shift tactics to focus on this ...

  • Phishing Spy Campaign Targets Top Mideast Officials

    May 15, 2018

    Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over 30 gigabytes of compromised data on attacker infrastructure, including call records, audio recordings, device ...

  • Ex-CIA man named as suspect in Vault 7 leak

    May 15, 2018

    A former CIA employee has been named as the prime suspect in last year’s dump of thousands of documents on the agency’s hacking practices. A report from The Washington Post cites court documents that name Joshua Adam Schulte as the person authorities think to be behind the massive Vault7 data dump. Read more… Source: The Register