
Novel malware leveraged in global Microsoft Exchange server attacks

Twenty-four government and military entities in Europe, the Middle East, Asia, and Africa had 34 Microsoft Exchange servers targeted with the newly discovered SessionManager malware for Microsoft's Internet Information Services (IIS) web server software, according to BleepingComputer. Kaspersky researchers suspect the Gelsemium APT to be behind the SessionManager IIS backdoor, which is believed to have been used in the wild undetected since March 2021. SessionManager enables not only organizational email access and remote command execution but also harvesting of credentials stored in system memory and delivery of additional payloads, the report showed. Cybercriminals have been increasingly targeting Microsoft Exchange server vulnerabilities to infiltrate infrastructure networks since the first quarter of 2021, noted Kaspersky Global Research and Analysis Team Senior Security Researcher Pierre Delcher. "In the case of Exchange servers, we cannot stress it enough: the past year's vulnerabilities have made them perfect targets, whatever the malicious intent, so they should be carefully audited and monitored for hidden implants, if they were not already," Delcher added.
