Microsoft Exchange servers vulnerable due to secret backdoor

A secret backdoor makes Microsoft mail servers vulnerable to a variety of malicious activities. This backdoor, also called SessionManager, has been active since March 2021. What makes this vulnerability so dangerous is that it is update-resistant.

Kaspersky writes this in an analysis.

SessionManager not detectable with antivirus programs

Researchers at the Russian cybersecurity company discovered SessionManager early this year. From collecting and reading emails to taking full control of victims’ IT infrastructure, hackers can engage in all kinds of criminal activities through this backdoor. Once they have access to a company’s IT environment, they can download and install all kinds of malware. Badly configured servers are therefore within reach.

What sets SessionManager apart from other malware is that it is overlooked by most antivirus programs. This makes it very difficult for system administrators to detect this backdoor.

SessionManager resistant to updates

What makes the backdoor particularly dangerous is that it cannot be fixed with an update. “The SessionManager backdoor enables hackers to persistently, update-resistant, and secretly maintain access to a target organization’s IT infrastructure,” Kaspersky writes. Due to similarities with the OwlProxy variant, the company believes that the hacker group Gelsemium is responsible for various spying practices via SessionManager.

Security researchers from the Russian company discovered SessionManager in early 2022. 34 servers belonging to 24 government agencies, military organizations and NGOs from Europe, the Middle East, South Asia and Africa were affected by SessionManager. Health institutions, oil companies and transport companies were also popular targets of hackers.

There is still no solution: according to Kaspersky, the backdoor is
