Cyber threats of all kinds are definitely on the rise. The latest discovery from computer security specialist Kaspersky has something to give Microsoft and its customers cold sweats.
New malware is making headlines. Kaspersky cybersecurity specialists discovered malware on a number of Microsoft Exchange servers belonging to governments and military organizations in Europe, Asia, Africa and the Middle East.
Almost complete access to the system
This piece of malicious code specifically targets Microsoft’s Exchange servers. This critical infrastructure centralizes, among other things, the email of the organizations that use it. Dubbed SessionManager, the malware creates a backdoor in the system and provides access to a vast array of sensitive data. Worse still, the software appears to be “resistant to updates”, according to Kaspersky. “Once introduced into the victim’s system, cybercriminals can gain access to company emails, create further access by installing other types of malware, or clandestinely manage compromised servers”, the company lists.
Concretely, SessionManager lets its operators (among other things) manage files on the targeted servers, execute arbitrary commands and connect to the network to infect other machines. An unpleasant triple threat, especially on infrastructure commissioned by governments. According to Kaspersky’s count, at least 34 servers belonging to 24 organizations are infected with the malware.
Gelsemium, a malware specialist
Exchange servers have become a prime target for hackers of all stripes after several vulnerabilities were discovered during 2021. “In the case of Exchange servers, we cannot say it enough: the vulnerabilities of the last year have made them perfect targets, regardless of malicious intent”, explains Pierre Delcher, engineer at Kaspersky. Other malware and backdoors of the same type had been discovered on this infrastructure in recent months.
The attack appears to come from a well-known hacking group named Gelsemium. Specialized in computer espionage in the broad sense, the organization, active since at least 2014, has a notable track record, including embedding malicious code in Microsoft Office documents or in Android emulators on Windows and macOS.