A vulnerability in Microsoft Exchange has been actively exploited for the past year. Government institutions are also affected.
Various Microsoft Exchange servers belonging to government and military institutions have been attacked by unknown hackers since 2021. Many of the affected networks are still infected, with the “SessionManager” malware going undetected. This emerges from a report by security experts at Kaspersky.
The SessionManager malware is a native-code module that acts as a backdoor, giving the attackers permanent and, above all, inconspicuous access to the attacked server. Among other things, the attackers could obtain read permissions for e-mails or manage compromised networks and thus also inject new malware.
It is not yet known who is behind the attacks or how many networks were specifically targeted by the SessionManager attack. Kaspersky speculates about a connection to the “Gelsemium” hacker group, which has been active since at least 2014 and carried out the attacks as part of a “worldwide espionage operation”.
Exchange servers in Europe, Asia, Africa and the Middle East are particularly affected. Countless pieces of information, including login data, are said to have been collected there via the SessionManager malware and to have fallen into the hands of the hackers.
1.7.2022 by Yusuf Hatic