An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-seen Powershell backdoors. The activity is tied back to the known xHunt threat group, which has previously launched an array of attacks targeting the Kuwait government, as well as shipping and transportation organizations. The attack used two newly discovered backdoors: One that researchers called TriFive, and the other, a variant of a previously discovered PowerShell-based backdoor (dubbed CASHY200), which they called Snugy
Source: https://threatpost.com/microsoft-exchange-attack-xhunt-backdoors/161041/