Microsoft mail servers vulnerable to malware through secret backdoors

Malware has been active for at least 15 months, cybersecurity firm Kaspersky finds

The company calls the newly discovered malware “SessionManager.” Victims included governments, military organizations and NGOs in Europe, the Middle East, Asia and Africa.

Maps of the affected countries include the UK, Poland, Turkey, Argentina, Russia and China. Western Europe and North America appear to be barely affected. In total, 24 organizations with 34 servers are affected; most of them are probably still compromised now.

Malware is hard to detect

SessionManager was first discovered by Kaspersky in early 2022. It has certainly been in use since March 2021, right after the wave of attacks on Exchange servers at that time. “SessionManager backdoors provide attackers with continuous, update-resistant, and reasonably hidden access to the affected enterprise IT infrastructure,” Kaspersky wrote.

Once a server is infected with the malware, cybercriminals gain backdoor access to corporate email and can install further malware that lets them operate on the server undetected. For example, files can be placed on the servers or stolen from them, and network traffic can be influenced, redirected and thus spied on.

A special feature of SessionManager, according to Kaspersky, is how poorly virus scanners detect it. Most popular online file scanners do not flag it as malware at all. Kaspersky sees many similarities between SessionManager and OwlProxy, including in their targets. The company therefore suspects that the Gelsemium group is behind the malware.

Kaspersky under fire

Kaspersky is one of the largest cybersecurity companies in the world. The company was founded in 1997 by the Russian couple Eugene and Natalya Kaspersky, who had worked for the intelligence services of the Soviet Union.

Shortly after Russia’s invasion of Ukraine, the US government began warning companies against using Kaspersky antivirus software. Russian companies could, under pressure from the Kremlin, harm the companies that use their products, the warning read. The US regulator FCC has placed Kaspersky on its list of companies that pose a risk to national security.

German intelligence service BSI also advises Kaspersky customers to choose other antivirus software suppliers.

Rebecca Burke
