SessionManager infects Microsoft Exchange servers worldwide!
A newly developed malware dubbed SessionManager has been used by cybercriminals to infect Microsoft Exchange servers. The servers belong to government and military organizations in countries across Europe, the Middle East, Asia and Africa.
The SessionManager backdoor allowed threat actors to keep re-entering the IT infrastructure of the targeted organizations. After entering a system, the cybercriminals used this malware to gain access to company emails. The attackers also extended their malicious access by installing several other pieces of malware to infect the systems.
Once inside a system, this malware drops and manages arbitrary files on compromised servers. The malicious operators then remotely command the infection of systems on the backdoored devices. Afterwards, the malware interferes with the network traffic of the victim's system.
This malware was spotted by security researchers at Kaspersky in 2022. SessionManager is a malicious native-code module for Microsoft's Internet Information Services (IIS) web server software. Since March 2021, SessionManager has been used for several malicious activities without being detected.
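
Because SessionManager is a native-code IIS module, one defensive check is to review which native modules a server registers. The following added example (not from the original article or from Kaspersky) parses the globalModules section of an IIS applicationHost.config and lists modules loaded from outside the default inetsrv directory. The sample config, the module names ExampleSessionModule and TraversalModule, and the trusted-directory list are constructed assumptions.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample of applicationHost.config. "ExampleSessionModule" and
# "TraversalModule" are made-up placeholders, not real indicators.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleSessionModule" image="C:\inetpub\temp\example_module.dll" />
      <add name="TraversalModule" image="%windir%\System32\inetsrv\..\..\Temp\x.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""

# Assumption: stock IIS native modules live in the default inetsrv directory.
TRUSTED_DIRS = (r"%windir%\System32\inetsrv", r"%SystemRoot%\System32\inetsrv")


def normalize(path):
    """Collapse '..' segments and lowercase, since Windows paths are case-insensitive."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def audit_global_modules(config_xml, trusted_dirs=TRUSTED_DIRS):
    """Return [(name, image)] for native modules registered outside trusted_dirs."""
    root = ET.fromstring(config_xml)
    trusted = {normalize(d) for d in trusted_dirs}
    findings = []
    for entry in root.iterfind("system.webServer/globalModules/add"):
        image = entry.get("image", "")
        # Compare the normalized parent directory so "..\.." tricks are caught.
        if ntpath.dirname(normalize(image)) not in trusted:
            findings.append((entry.get("name", ""), image))
    return findings


if __name__ == "__main__":
    for name, image in audit_global_modules(SAMPLE_CONFIG):
        print(f"REVIEW: {name} -> {image}")
```

A flagged entry is a prompt for review rather than proof of compromise, since legitimate third-party modules also install outside inetsrv. A module inside the trusted directory still needs its file signature checked.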