Positive Technologies detects a series of attacks via Microsoft Exchange Server


While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.

This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.

Read more…
Source: Positive Technologies


Sign up for our Newsletter


Related:

  • 1.5 billion sensitive files exposed by misconfigured servers, storage and cloud services

    April 5, 2018

    Researchers have discovered over 1.5 billion sensitive files including payroll information, credit card details, medical data, and patents for intellectual property are exposed online, putting consumers and businesses at risk of theft, cybercrime, and espionage. But the information exposed online — which amounts to a total of 12,000 terabytes of data — isn’t there as a ...

  • FBI: Iranian Firm Stole Data In Massive Spear Phishing Campaign

    March 26, 2018

    The United States Department of Justice announced charges against nine Iranians accused of stealing private data from U.S. universities, private companies and U.S. government agencies. FBI Deputy Director David Bowdich said in a statement that the state-sponsored hackers worked for more than four years to steal expensive science and engineering-related research, company trade secrets, and sensitive U.S. government ...

  • Slingshot Malware ‘Was US Special Operations Spy Tool’

    March 22, 2018

    Malware discovered by Kaspersky Lab was developed by an elite group within the US military to spy on militants, officials say A highly advanced malware strain uncovered by Kaspersky Lab earlier this month was in fact developed by an elite US military unit, which was using it to track down militants associated with Islamic State and ...

  • Spy malware secrets: How complex ‘Slingshot’ hit targets via hacked routers

    March 12, 2018

    Researchers at Kaspersky Lab have discovered espionage malware that appears to have been developed by a government to spy on targets across Africa and the Middle East for the past six years. The researchers haven’t named Slingshot’s country of origin, but note the presence of debug messages written in perfect English, while various component names such ...

  • Australian universities and NGOs targeted by Iranian and Chinese hackers

    February 27, 2018

    Australian universities have been targeted by hackers with connections to Iran in recent months, and “a number of investigations” are in progress, according to cybersecurity firm CrowdStrike. “There are a lot of things that are happening geopolitically that are driving a lot of attacks,” the company’s vice president for technology strategy Michael Sentonas told journalists in ...

  • Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware

    February 7, 2018

    Security researchers have discovered a custom-built piece of malware that’s wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao, the attack campaign discovered by the security researchers at Bitdefender have been targeting organizations in the government, ...