Dell SecureWorks detected the Skeleton Key malware, which modifies the authentication process on Active Directory (AD) systems protected only by passwords. The attackers can use it to gain total access to remote access services, authenticating as any user with a password of their choosing. The malware is deployed as an in-memory patch on targeted AD domain controllers to give attackers access to webmail and VPN services. The threat actors can get access to the victims' email correspondence and network files.
Source: https://securityaffairs.co/wordpress/32208/cyber-crime/skeleton-key-malware.html

