Microsoft Exchange servers vulnerable due to secret backdoor

A secret backdoor makes Microsoft mail servers vulnerable to a variety of malicious activities. This backdoor, called SessionManager, has been active since March 2021. What makes this vulnerability so dangerous is that it is update-resistant.

Kaspersky writes this in an analysis.

SessionManager not detectable with antivirus programs

Researchers at the Russian cybersecurity company discovered SessionManager early this year. From collecting and reading emails to taking full control of victims’ IT infrastructure, hackers can engage in all kinds of criminal activities through this backdoor. Once they have access to a company’s IT environment, they can download and install all kinds of malware. Badly configured servers are therefore within reach.

What sets SessionManager apart from other malware is that it is overlooked by most antivirus programs. This makes it very difficult for system administrators to detect this backdoor.

SessionManager resistant to updates

What makes the backdoor particularly dangerous is that it cannot be fixed with an update. “The SessionManager backdoor enables hackers to persistently, update-resistant, and secretly maintain access to a target organization’s IT infrastructure,” Kaspersky writes. Due to similarities with the OwlProxy variant, the company believes that hacker group Gelsemium is responsible for various spying practices via SessionManager.

Security researchers from the Russian company discovered SessionManager in early 2022. 34 servers belonging to 24 government agencies, military organizations and NGOs from Europe, the Middle East, South Asia and Africa were affected by SessionManager. Health institutions, oil companies and transport companies were also popular targets of hackers.

There is still no solution: according to Kaspersky, the backdoor is still in use at more than 90 percent of the affected organizations.

Microsoft Exchange Server under attack

According to Kaspersky, this backdoor has been exploited since March 2021. That was during the period when Microsoft was under fire for four zero-day exploits in Exchange Server. Hackers exploited these vulnerabilities to steal confidential company information and personal data. They also installed a backdoor so that they could sneak into their victims’ IT systems at any time without being noticed.

Tens of thousands of companies and organizations worldwide have become victims of the zero-day exploits in Microsoft Exchange Server, including dozens of companies in our country. In May, the American hardware and software company rolled out a patch for these vulnerabilities. An international coalition claimed that China was behind the cyber attacks. China denied any involvement.

Government agencies warn about Kaspersky

Kaspersky is a cybersecurity company that is mistrusted by several governments. The German intelligence service BSI reasoned that a Russian IT company “could carry out attacks itself, be forced to attack systems against its will, or itself become the victim of a cyber operation without being aware of it”. That is why it advised companies and organizations to say goodbye to security software from Kaspersky as soon as possible.

The Italian regulator is concerned about possible privacy risks for citizens. Kaspersky must provide clarity about what information it collects, and whether this data is stored outside of Europe or not. Finally, it should explain how often the company has received requests from third parties to pass on information about Italian citizens, and to what extent they have been complied with.

The Federal Communications Commission (FCC) goes so far as to suspect that Kaspersky poses a threat to US national security. FCC board member Jessica Rosenworcel speaks of an “unacceptable risk”. For that reason, the Russian manufacturer has been placed on the so-called Covered List. That is a blacklist of foreign companies that corporate America is not allowed to do business with.

Kaspersky denies allegations

Kaspersky denies having any ties to the Kremlin. “Kaspersky will continue to assure its partners and customers of the quality and integrity of its products, and remains willing to work with U.S. government agencies to address the concerns of the FCC and any other regulatory authorities,” the company said in a statement on the allegations.
