Microsoft Exchange backdoors exploited to spy on NGOs worldwide

Cybersecurity researchers at Kaspersky recently discovered a brand new IIS module designed to steal credentials that victims type when logging into their Outlook Web Access (OWA) accounts.

They called the new module backdoor SessionManager and claim that it is persistent, resistant to updates and unobtrusive. By using SessionManager, Kaspersky further claims, threat actors can access corporate emails, drop other malicious payloads (such as ransomware, for example) on the target network, and manage compromised servers in the utmost secrecy.