Positive Technologies detects a series of attacks via Microsoft Exchange Server

While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers.

This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to the researchers’ data, the first compromise occurred in 2021. Without additional data, they were not able to attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East.

Read more…
Source: Positive Technologies

Sign up for our Newsletter


  • WikiLeaks Vault 7: CIA’s “Pandemic” Tool Replaces Files with Malware

    June 2, 2017

    WikiLeaks has released a new set of documents from its Vault 7 series, this time detailing a tool that the CIA allegedly uses to spread malware on a targeted organization’s network. Appropriately called “Pandemic,” the tool can install a file system filter driver on a network, replacing legitimate files with malicious payload when they are accessed ...

  • Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication

    May 30, 2017

    What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn’t it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google’s ...

  • Wikileaks Unveils CIA’s Man-in-the-Middle Attack Tool

    May 5, 2017

    Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle (MitM) attack tool allegedly created by the United States Central Intelligence Agency (CIA) to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the whistleblower group claims came from the CIA. This latest batch is the ...

  • CIA director calls WikiLeaks ‘hostile intelligence agency’

    April 13, 2017

    CIA Director Mike Pompeo is denouncing WikiLeaks, calling the anti-secrecy group a “hostile intelligence agency.” In his first public speech since becoming director of the agency, the former Republican congressman says WikiLeaks “walks like a hostile intelligence agency and talks like a hostile intelligence agency.” Last month, WikiLeaks released nearly 8,000 documents that it says reveals secrets ...

  • Symantec Links Espionage Group to CIA via Tools Exposed by WikiLeaks

    April 10, 2017

    Symantec announced that it had connected at least 40 attacks across 16 countries where tools obtained and exposed by WikiLeaks via the Vault 7 revelations about CIA’s espionage tactics were used. In a lengthy report, Symantec talks about a highly organized group they named Longhorn and which they linked to all these attacks. While stopping short ...

  • Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

    April 8, 2017

    A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to “Equation ...