Blog | G5 Cyber Security

xHunt hackers hit Microsoft Exchange with two new backdoors

Palo Alto Networks has spotted two new PowerShell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. The attack was spotted in September when researchers were notified that threat actors breached an organization. The attackers used two newly discovered backdoors tracked as TriFive and Snugy. The TriFive backdoor is executed every five minutes via a scheduled task; it provides backdoor access to the Exchange server by logging into a legitimate user's inbox and obtaining a script from an email draft. The Snugy backdoor uses a DNS tunneling channel to run commands on the compromised server.
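For defenders triaging an Exchange server, the scheduled-task behaviour described above can be hunted for in exported task definitions. The following is an added example, not code from Palo Alto Networks or the original article: it parses Task Scheduler XML and flags tasks that repeat every five minutes or less and launch PowerShell. The task names, script paths and the `flag_tasks` helper are constructed for illustration, and the check generalizes from exactly five minutes to any interval at or below the threshold.

```python
import re
import xml.etree.ElementTree as ET

TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
NS = {"t": TASK_NS}

def _sample(interval, command, arguments):
    """Build a minimal, constructed Task Scheduler XML document."""
    return (f'<Task xmlns="{TASK_NS}"><Triggers><TimeTrigger><Repetition>'
            f'<Interval>{interval}</Interval></Repetition></TimeTrigger></Triggers>'
            f'<Actions><Exec><Command>{command}</Command>'
            f'<Arguments>{arguments}</Arguments></Exec></Actions></Task>')

# Constructed sample data: names and paths are made up, not indicators.
SAMPLE_TASKS = {
    "constructed-A": _sample("PT5M", "powershell.exe", r"-File C:\constructed\a.ps1"),
    "constructed-B": _sample("PT300S", "cmd.exe", r"/c powershell -File C:\constructed\b.ps1"),
    "constructed-C": _sample("PT5M", r"C:\constructed\updater.exe", "/silent"),
    "constructed-D": _sample("PT1H", "powershell.exe", r"-File C:\constructed\d.ps1"),
}

def interval_minutes(text):
    """Convert a PTnHnMnS duration to minutes; None if not in that form."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", text.strip())
    if not m or not any(m.groups()):
        return None
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return hours * 60 + minutes + seconds / 60

def flag_tasks(tasks, max_minutes=5):
    """Return names of tasks that repeat within max_minutes and run PowerShell."""
    hits = []
    for name, xml_text in tasks.items():
        root = ET.fromstring(xml_text)
        intervals = [interval_minutes(e.text or "")
                     for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
        fast = any(i is not None and i <= max_minutes for i in intervals)
        # Check command and arguments together so wrappers like cmd.exe /c are caught.
        commands = [(e.findtext("t:Command", "", NS) + " " +
                     e.findtext("t:Arguments", "", NS)).lower()
                    for e in root.iterfind(".//t:Actions/t:Exec", NS)]
        runs_ps = any("powershell" in c or "pwsh" in c or ".ps1" in c for c in commands)
        if fast and runs_ps:
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    print(flag_tasks(SAMPLE_TASKS))
```

A hit is a lead for review rather than proof of compromise, since legitimate maintenance tasks can also run PowerShell on short intervals.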

Source: https://securityaffairs.co/wordpress/110644/apt/xhunt-attackers-hit-microsoft-exchange.html
