Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Microsoft Communications Security

Russia-Linked Hackers Using Sophisticated Backdoor To Hijack Exchange Servers (securityweek.com) 40

Posted by EditorDavid from the Microsoft-malware dept.
wiredmikey quotes SecurityWeek: The Russia-linked threat group known as Turla has reportedly been using a sophisticated backdoor to hijack Microsoft Exchange mail servers, ESET reported... The malware, dubbed LightNeuron, allows the attackers to read and modify any email passing through the compromised mail server, create and send new emails, and block emails to prevent the intended recipients from receiving them. According to ESET, LightNeuron has been used by Turla — the group is also known as Waterbug, KRYPTON and Venomous Bear — since at least 2014 to target Microsoft Exchange servers. The cybersecurity firm has analyzed a Windows version of the malware, but evidence suggests a Linux version exists as well.
This discussion has been archived. No new comments can be posted.

Russia-Linked Hackers Using Sophisticated Backdoor To Hijack Exchange Servers More

Russia-Linked Hackers Using Sophisticated Backdoor To Hijack Exchange Servers

Comments Filter:

  • Cloudy McCloudHole

  • ...use an Exchange server [wikipedia.org] to handle sensitive or classified information [battleswarmblog.com]...

  • aren't some of the things they're making the servers do features that aren't available to normal users/administrators that could be considered useful as an add-on service?
    ;

    • aren't some of the things they're making the servers do features that aren't available to normal users/administrators that could be considered useful as an add-on service? ;

      From what the article says it sounds like the malware is running as a Transport agent on the server. It doesn't give enough details to know if an existing admin installed that Transport agent, or if the admins could remove it or not. Without any more knowledge this smells like someone either intentionally or was tricked into installing malware onto their Exchange servers.

  • Do they use Microsoft's NSA back-door? (Score:3)

    by ffkom ( 3519199 ) on Saturday May 11, 2019 @05:40PM (#58575656)
    Or did they have to buy/create on of their own? I mean it's not as if nobody would eavesdrop/manipulate the data you expose to Microsoft if only some Russian hackers would refrain from doing so.
  • This is a command and control method that you install on an already compromised server, not a hole in Exchange, Sendmail or Postfix. It's neat and noteworthy, because it uses stenography in jpegs that are sent through the mail, but the server has already been hacked by the time it is installed. Literally any open network service on a machine would be open to being abused on a compromised server.

    • Re: A little sanity here... (Score:1)

      by Anonymous Coward

      Uses stenography? They have a Russkie shorthand writer inside the hack?

      Cheesus, g-d, these GRU types are getting better by the minute.

  • Holy Shit (Score:1)

    by Anonymous Coward

    Do they mean to say that Exchange now runs on Linux? That would be a game changer!

  • Why are they confused? It's right there in the system's name: "Exchange". And everyone is equal, so that's that. Remember, information wants to be free!! Now it's more so than it was before.

    What's in YOUR wallet? No, really: WHAT'S in your wallet?
  • ESET are probably really good at spotting this kind of attack as their own NOD32 AV used to do this exact same thing except it used to delete the contents of Exchange emails and replace it with "scanned by NOD32". In terms of "security software that creates more damages than the threats it purportedly shields against", NOD32 along with Norton Internet Security, stand out from the crowd

Slashdot Top Deals

Keep up the good work! But please don't ask me to help.

Close