
Communications of the ACM

ACM TechNews

Cyberspies Use IP Cameras to Deploy Backdoors, Steal Exchange Emails


The hackers usually steal all emails received by "executive teams and employees that work in corporate development, mergers and acquisitions, or IT security staff" over a specific date range, instead of picking emails of interest or using keyword filterin

Credit: BleepingComputer

An Advanced Persistent Threat gang discovered by researchers at security company Mandiant is penetrating corporate networks to steal Exchange emails from employees involved in corporate transactions.

The researchers said the group has maintained access to victims' environments for more than 18 months in some instances.

The hackers can deploy the newly found QUIETEXIT backdoor on network appliances that do not support security monitoring or malware detection.

The QUIETEXIT backdoor command-and-control servers are components in a botnet constructed by compromising Internet-exposed LifeSize and D-Link Internet Protocol videoconferencing camera systems, probably with default credentials.

After breaching the network and deploying backdoors, the malefactors secured privileged credentials to their victims' mail environment and began targeting on-premises Microsoft Exchange or Microsoft 365 Exchange Online mailboxes through Exchange Web Services application programming interface requests.

From BleepingComputer

 

Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


 
