Hackers target Microsoft servers with new malware

Hackers target Microsoft servers with new malware

San Francisco, 2.7.2022

A new malware variant targeting Microsoft servers has been detected. The malware goes by the name Session Manager.

The attack is believed to originate from the hacker group Gelsemium, which is known for its attacks on universities, governments, private companies, etc. Gelsemium used a vulnerability in Microsoft Exchange Server to gain unauthorized access. The group specifically used IIS, the Microsoft Web Server tool. IIS is a backdoor that allows threat actors to use cyber espionage tactics and gain information about emails, browsing histories, server information, etc., if misused.

Using a special tool, Gelsemium was able to send HTTP requests that mimic authentic requests. The affected organizations are located in countries such as Argentina, Armenia, China, Djibouti, Equatorial Guinea, Eswatini, Hong Kong, Indonesia, Kenya, Kuwait, Malaysia, Nigeria, Pakistan, Poland, the Russian Federation, Saudi Arabia, Taiwan, Thailand, Turkey, the United Kingdom and Vietnam.

Microsoft Exchange Server has been the target of numerous security breaches in recent months. A vulnerability in the company’s service was exploited by Blackcat ransomware, while Chinese group Hafnium did the same later this year.

At one point, Exchange Server was hit by thousands of different cyberattacks. The FBI used a court order to clean its files from hacked Microsoft Exchange servers.