A targeted attack against Outlook Web Application (OWA) illustrates how far adversaries will go to establish persistent control over an organization’s entire network. Israel-based Cybereason described in a research report how attackers uploaded backdoor malware to a company’s OWA server and stole 11,000 usernames and passwords over several months. The attackers took advantage of the fact that organizations typically configure OWA servers with “a relatively lax set of restrictions.” Attackers can impersonate any user and move freely throughout the enterprise network.
Source: https://www.csoonline.com/article/2989981/attackers-target-owa-for-domain-credentials.html

