An advanced persistent threat (APT) group discovered by researchers at security company Mandiant is penetrating corporate networks to steal Exchange emails from employees involved in corporate transactions.
The researchers said the group has maintained access to victims' environments for more than 18 months in some instances.
The hackers can deploy the newly found QUIETEXIT backdoor on network appliances that do not support security monitoring and malware detection.
The command-and-control servers for the QUIETEXIT backdoor are part of a botnet built by compromising Internet-exposed LifeSize and D-Link Internet Protocol videoconferencing camera systems, probably through default credentials.
After breaching the network and deploying backdoors, the attackers obtained privileged credentials to their victims' mail environment and began targeting on-premises Microsoft Exchange or Microsoft 365 Exchange Online mailboxes through Exchange Web Services (EWS) API requests.
From BleepingComputer
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA