While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.
This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.
Read more…
Source: Positive Technologies
Related:
- Treason charges against Russian cyber experts linked to seven-year-old accusation
February 26, 2017
Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation. They said the arrests concern allegations that the suspects passed secrets to U.S. firm Verisign and other ...
- Second FSB Agent Arrested for Treason Revealed as Notorious Hacker
January 27, 2017
Major Dmitry Dokuchaev, one of four cyber-security experts arrested by the Kremlin on charges of treason, has allegedly been revealed as an infamous Russian hacker. Dokuchaev worked as a hacker under the alias “Forb” until Russia’s Federal Security Service (FSB) threatened to jail him, an unverified source told the RBC newspaper. “Forb” gave a interview to Russian ...
- Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
January 23, 2017
Symantec is currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group (W32.Disttrack, W32.Disttrack.B). Similar to previous attacks, the Disttrack malware used by Shamoon is just the destructive payload. It required other means to be deployed on targeted organizations’ networks and is configured ...
- Court Documents Reveal How Feds Spied On Connected Cars For 15 Years
January 16, 2017
It’s not always necessary to break into your computer or smartphone to spy on you. Today all are day-to-day devices are becoming more connected to networks than ever to add convenience and ease to daily activities. But here’s what we forget: These connected devices can be turned against us because we are giving companies, hackers, and ...

