New Malware Dubbed SessionManager Targeting Microsoft IIS Servers in the Wild

Researchers from Kaspersky seek out more IIS backdoors after the discovery of ‘Owowa’, a malicious IIS module deployed by attackers on Microsoft Exchange Outlook Web Access servers, stealing credentials and enabling remote command execution from OWA. Also in 2021, Kaspersky noticed ‘ProxyLogon-type’ vulnerabilities within Microsoft Exchange servers, enabling threat actors to maintain persistent, update-resistant, and relatively stealthy access to the IT infrastructure of a targeted organization; be it to collect emails, update further malicious access, or clandestinely manage compromised servers that can be leveraged as malicious infrastructure.

Read full article on GBHackers

 


Date:

Categorie(s):