A vulnerability in Microsoft Exchange has been actively exploited for the past year. Government institutions are also affected.
Various Microsoft Exchange servers belonging to government and military institutions have been attacked by unknown hackers since 2021, and many of the affected networks are still infected, with the “SessionManager” malware remaining undetected. This is according to a report by security experts from Kaspersky.
The SessionManager malware is a native-code module that provides a backdoor, giving the attackers permanent and, above all, unobtrusive access to the attacked server. Among other things, the attackers could gain read access to e-mails or manage compromised networks and thereby also inject new malware.
It is not yet known who is behind the attacks or how many networks were specifically targeted by the SessionManager attack. Kaspersky speculates about a connection to the “Gelsemium” hacker group, which has been active since at least 2014 and carried out the attacks as part of a “worldwide espionage operation”.
Exchange servers in Europe, Asia, Africa and the Middle East are particularly affected. Countless pieces of information, including login data, are said to have been collected there via the SessionManager malware and to have fallen into the hands of the hackers.