Security News > 2023 > July > Microsoft: Hackers turn Exchange servers into malware control centers
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor.
The cyberspies have been associated with a wide array of attacks against Western interests over the years, including the Snake cyber-espionage malware botnet that was recently disrupted in an international law enforcement operation titled Operation MEDUSA. In a coordinated report and Twitter thread published today by CERT-UA and Microsoft, researchers outline a new attack where the Turla threat actors target the defense sector in Ukraine and Eastern Europe.
This task downloads the DeliveryCheck backdoor and launches it in memory, where it connects to the threat actor's command and control server to receive commands to execute or deploy further malware payloads.
What makes DeliveryCheck stand out is a Microsoft Exchange server-side component that turns the server into a command and control server for the threat actors.
"The threat actor specifically aims to exfiltrate files containing messages from the popular Signal Desktop messaging application, which would allow the actor to read private Signal conversations, as well as documents, images, and archive files on targeted systems," the Microsoft Threat Intelligence team tweeted.
New PowerExchange malware backdoors Microsoft Exchange servers.
News URL
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)