Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server

    Date07 May 2019
    1844
    Posted ByBrittany Day
    LS Hmepg 337x500 34

    A well-known Russian nation-state hacking group has been infiltrating the Microsoft Exchange email servers of its targeted victims since at least 2014 via a custom backdoor.

    Researchers at ESET say the so-called Turla group, aka Snake, has been hacking into victims' Microsoft Exchange servers and planting its sophisticated LightNeuron backdoor malware for cyber espionage purposes. Turla accesses the email systems by abusing Exchange Server's legitimate Transport Agent feature, which lets other software from Microsoft as well as third parties to operate with Exchange, including spam-filtering tools. The feature lets these other applications process email messages coming and going from Exchange.

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.