June 7, 2023

Threat actors are exploiting the IIS web servers to install backdoors and steal credentials in their latest campaign.

Microsoft 365 Defender Research Team has revealed hackers are now using Microsoft’s IIS extensions as a backdoor to infiltrate its servers and hide deep into the system to ensure persistence on the device.

Advertisements

These extensions are payloads for MS Exchange server that can be used by threat actors because IIS extensions have the same structure and location as legit modules and both the extensions and modules are present in the same directories. 

They might not appear malicious as the main IIS-hosted target application is MS Outlook on the MS Exchange Server. An attacker can gain complete access to the victim’s email communications if it gets compromised.

Microsoft noted that in one campaign targeting Exchange servers and examined between Jan and May 2022, attackers installed customized IIS modules. Once the attacker registers with the targeted app, the backdoor and incoming, outgoing requests can be easily monitored. They may execute remote commands or put credentials in the background.

Advertisements

Critical protection features are essential for core components such as threat and vulnerability management or antivirus solutions to adopt a comprehensive solution for protecting identities and secure emails, cloud, domains, and endpoints.

Tags:

Leave a Reply

You may have missed

Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
%d bloggers like this: