34.Key AbstractDigital Esm W900

A well-known Russian nation-state hacking group has been infiltrating the Microsoft Exchange email servers of its targeted victims since at least 2014 via a custom backdoor.

Researchers at ESET say the so-called Turla group, aka Snake, has been hacking into victims' Microsoft Exchange servers and planting its sophisticated LightNeuron backdoor malware for cyber espionage purposes. Turla accesses the email systems by abusing Exchange Server's legitimate Transport Agent feature, which lets other software from Microsoft as well as third parties to operate with Exchange, including spam-filtering tools. The feature lets these other applications process email messages coming and going from Exchange.

The link for this article located at DarkReading is no longer available.