An Ongoing Malware Campaign Exploits Microsoft Exchange Server Flaws


Positive Technologies researchers discovered an unknown keylogger on Microsoft Exchange Server, used to gather account credentials. They found over 30 victims, mainly government agencies, across several countries, including Russia, the U.A.E., and Nigeria. The attackers exploited ProxyShell vulnerabilities to inject the keylogger into the server’s main page. They also added code to redirect stolen credentials to a file accessible online. Positive Technologies advises checking servers for compromise and deleting stolen data files, urging users to update Exchange Server to the latest version or install pending updates.

Read More…