Exchange Servers Backdoored Globally by SessionManager

Published: 23/11/2024   Category: security




Malicious IIS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.



Attackers once focused on exploiting ProxyLogon Microsoft Exchange server vulnerabilities have made a pivot to the new SessionManager backdoor, which can be used to gain persistent, undetected access to emails -- and even take over the target organization's infrastructure.
Researchers from Kaspersky today report the emergence of SessionManager, which they say is part of a bigger trend of attackers deploying malicious backdoor modules inside Internet Information Services (IIS) servers for Windows, like Exchange servers.
 
The malicious SessionManager backdoor, first observed in March 2021, has been used to target nongovernmental organizations (NGOs) across Africa, Europe, the Middle East, and South Asia, the researchers add. The Kaspersky report says 34 servers across 24 individual NGOs have been compromised by SessionManager. 
The exploitation of Exchange server vulnerabilities has been a favorite of cybercriminals looking to get into targeted infrastructure since Q1 2021, said Pierre Delcher, senior security researcher at Kaspersky, in a post about the findings. The recently discovered SessionManager was poorly detected for a year and is still deployed in the wild.
The Kaspersky team recommends regular threat hunting for malicious modules in exposed IIS servers and focusing detection on lateral movement across the network, as well as close monitoring of data exfiltration to the Internet. 
“In the case of Exchange servers, we cannot stress it enough: The past year’s vulnerabilities have made them perfect targets, whatever the malicious intent, so they should be carefully audited and monitored for hidden implants, if they were not already,” Delcher warned.
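
One way to run the recommended hunt for malicious IIS modules offline, as an added example (not code from Kaspersky or from this article): it parses the `<globalModules>` section of a collected `applicationHost.config` and lists native modules whose image lies outside a trusted directory set. The sample config, the module name `ExampleHelperModule`, and the trusted-directory default are constructed assumptions; a hit is a lead for review, not a verdict.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed applicationHost.config. The last entry is a
# made-up module registered from a non-standard directory.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleHelperModule" image="C:\ProgramData\Example\helper.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""

# Assumption: stock IIS native modules load from this directory. Extend the set
# with locations you have reviewed (for example a product's install path).
DEFAULT_TRUSTED_DIRS = {r"%windir%\System32\inetsrv"}


def normalize_dir(image, windir=r"C:\Windows"):
    """Return the lower-cased directory of a module image, with '..' resolved."""
    path = image.strip().strip('"').lower().replace("/", "\\")
    # Treat %SystemRoot% and the literal Windows directory as %windir%.
    for prefix in ("%systemroot%", windir.lower()):
        if path.startswith(prefix):
            path = "%windir%" + path[len(prefix):]
    return ntpath.dirname(ntpath.normpath(path))


def find_unexpected_modules(config_xml, trusted_dirs=DEFAULT_TRUSTED_DIRS):
    """List (name, image) for globalModules entries outside trusted_dirs."""
    # Append a dummy file name so trusted entries normalize like image paths.
    trusted = {normalize_dir(d.rstrip("\\/") + "\\_") for d in trusted_dirs}
    findings = []
    for entry in ET.fromstring(config_xml).iterfind(".//globalModules/add"):
        name, image = entry.get("name", ""), entry.get("image", "")
        if normalize_dir(image) not in trusted:
            findings.append((name, image))
    return findings


if __name__ == "__main__":
    for name, image in find_unexpected_modules(SAMPLE_CONFIG):
        print(f"review: {name} -> {image}")
```

Servers with other products installed will show legitimate entries until their directories are added to the trusted set; each remaining hit should be followed by a check of the file's signature and creation time.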
