Phishing campaigns targeting enterprises in U.S. and Germany have been used to nab enterprise mailing info, passwords and certificates. Valak was first observed as a loader in 2019 but has gone through a series of dramatic changes, an evolution of over 30 different versions in less than six months, researchers say. The new and improved Valak has a modular architecture with various plug-in components that can perform reconnaissance and info-stealing once they infiltrate a Microsoft Exchange server. The latest version of the malware which researchers said is version 24 shows attackers abandoning using.
Source: https://threatpost.com/valak-loader-microsoft-exchange-servers/156078/