Since March 2021, threats on Microsoft IIS Servers have used a new backdoor called “SessionManager,” according to Kaspersky Lab researchers.
Victims of the backdoor
SessionManager, the malicious software that takes advantage of one of the ProxyLogon vulnerabilities in Exchange servers, poses as a module for Internet Information Services (IIS), a virtual server application for Windows systems.
The 24 different targets were spread over the continents of Africa, South America, Asia, Europe, Russia, and the Middle East. They also included political, military, and industrial institutions. To date, a SessionManager variation has compromised 34 servers in total.
Due to the comparable victims and a widely used OwlProxy variation, the researchers describe the attack as the GELSEMIUM malicious attacker.
Features supported by SessionManager:
- On the hacked server, reading, writing to, and deleting arbitrary files is possible.
- This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: