Security News > 2023 > July > Microsoft: Hackers turn Exchange servers into malware control centers

Microsoft: Hackers turn Exchange servers into malware control centers
2023-07-19 19:06

Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor.

The cyberspies have been associated with a wide array of attacks against Western interests over the years, including the Snake cyber-espionage malware botnet that was recently disrupted in an international law enforcement operation titled Operation MEDUSA. In a coordinated report and Twitter thread published today by CERT-UA and Microsoft, researchers outline a new attack where the Turla threat actors target the defense sector in Ukraine and Eastern Europe.

This task downloads the DeliveryCheck backdoor and launches it in memory, where it connects to the threat actor's command and control server to receive commands to execute or deploy further malware payloads.

What makes DeliveryCheck stand out is a Microsoft Exchange server-side component that turns the server into a command and control server for the threat actors.

"The threat actor specifically aims to exfiltrate files containing messages from the popular Signal Desktop messaging application, which would allow the actor to read private Signal conversations, as well as documents, images, and archive files on targeted systems," the Microsoft Threat Intelligence team tweeted.

New PowerExchange malware backdoors Microsoft Exchange servers.

News URL