An Advanced Persistent Threat gang discovered by researchers at security company Mandiant is penetrating corporate networks to steal Exchange emails from employees involved in corporate transactions.
The researchers said the group has maintained access to victims' environments for more than 18 months in some instances.
The hackers can implement the newly found QUIETEXIT backdoor on network appliances with no support for security monitoring and malware detection.
The QUIETEXIT backdoor command-and-control servers are components in a botnet constructed by compromising Internet-exposed LifeSize and D-Link Internet Protocol videoconferencing camera systems, probably with default credentials.
After breaching the network and deploying backdoors, the malefactors secured privileged credentials to their victims' mail environment and began targeting on-premises Microsoft Exchange or Microsoft 365 Exchange Online mailboxes through Exchange Web Services application programming interface requests.
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found