
Keylogger delivered via Microsoft Exchange Server exploits


Attacks leveraging Microsoft Exchange Server vulnerabilities to facilitate keylogger malware deployment have been launched against more than 30 government, financial, education, and IT organizations in Africa and the Middle East since 2021, reports The Hacker News.

Initial exploitation of the ProxyShell bugs, tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, has allowed authentication evasion, privilege escalation, and remote code execution. This was followed by the installation of a keylogger on the main page of Exchange Server to enable account credential exfiltration from an internet-exposed file, according to a report from Positive Technologies, which has not yet linked the attack campaign to a specific operation due to inadequate information.

Organizations are advised not only to update their Exchange Server instances but also to examine their Exchange Server's main page for potential compromise.

"If your server has been compromised, identify the account data that has been stolen and delete the file where this data is stored by hackers. You can find the path to this file in the logon.aspx file," said researchers.
