Kaspersky Lab security experts discovered malware that spied on the official websites of many government bodies and non-profit organizations throughout the world.
According to the press release, the hidden SessionManager backdoor is present on 34 servers in 24 companies. The backdoor is installed remotely as a module for Microsoft IIS, the web server that the Exchange mail server also relies on. Attackers exploit the ProxyLogon vulnerability to spread SessionManager and other malicious IIS modules.
Among other things, the SessionManager backdoor allows hackers to read corporate mail, distribute malware and remotely control infected government servers.
According to Kaspersky Lab, the first attacks using the SessionManager backdoor were recorded at the end of March 2021. The victims are predominantly NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
Kaspersky Lab solutions successfully detect SessionManager and help prevent future intrusions that use this backdoor.
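Because the backdoor is deployed as an IIS module, one defensive check is to review which module DLLs a server is configured to load. The following is an added example, not code from Kaspersky Lab or the original article: it parses the `<globalModules>` section of an IIS `applicationHost.config` and lists modules whose DLL sits outside the directories used by stock modules. The trusted directory list, the `C:\Windows` install path and the sample configuration are assumptions made for this example.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption of this example: stock IIS modules load from these directories
# and Windows is installed in C:\Windows.
TRUSTED_PREFIXES = (
    "%windir%\\system32\\inetsrv\\",
    "%windir%\\microsoft.net\\framework\\",
    "%windir%\\microsoft.net\\framework64\\",
)

# Constructed sample of an applicationHost.config fragment. The last entry
# (name and path) is invented for the demonstration, not a real indicator.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="C:\Windows\System32\inetsrv\static.dll" />
      <add name="ExampleHelperModule" image="C:\inetpub\temp\example_helper.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""


def normalize(image):
    """Lower-case the path, collapse '..' segments, unify the Windows root."""
    path = ntpath.normpath(image).lower()
    for alias in ("%systemroot%\\", "c:\\windows\\"):
        if path.startswith(alias):
            path = "%windir%\\" + path[len(alias):]
    return path


def audit_global_modules(xml_text):
    """Return (name, image) for modules whose DLL is outside the trusted dirs."""
    findings = []
    for section in ET.fromstring(xml_text).iter("globalModules"):
        for entry in section.findall("add"):
            name, image = entry.get("name", ""), entry.get("image", "")
            if not normalize(image).startswith(TRUSTED_PREFIXES):
                findings.append((name, image))
    return findings


if __name__ == "__main__":
    for name, image in audit_global_modules(SAMPLE_CONFIG):
        print(f"review: {name} -> {image}")
```

A flagged entry is a lead for review rather than proof of compromise, since legitimate third-party modules also install outside these directories. A module placed inside a trusted directory is not flagged, so this check complements file signature and hash verification rather than replacing it.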