Kaspersky Lab discovered the SessionManager virus, which provided attackers with access to the corporate IT infrastructure of government agencies and non-profit organizations around the world, including Russia.
Kaspersky Lab experts have discovered SessionManager, a hard-to-detect backdoor (a malicious program for hidden remote control). It allows access to the corporate IT infrastructure… The first attacks using SessionManager were recorded at the end of March 2021. The victims are predominantly government agencies and non-profit organizations in Africa, South Asia, Europe and the Middle East, as well as in Russia.
The virus made it possible to read corporate mail, distribute malware, and remotely control infected servers. So far, the backdoor has been found on 34 servers in 24 companies.
The attackers inject the malware remotely as a module for Microsoft IIS, a set of web services that includes the Exchange mail server. Any company employee who uses Microsoft corporate mail interacts with this server. Attackers exploit the ProxyLogon vulnerability to spread SessionManager and other malicious IIS modules.
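Because the backdoor runs as an IIS module, one defensive check is to audit which native modules IIS is configured to load. The following is an added example, not code from Kaspersky Lab or the original article: it parses the `<globalModules>` section of `applicationHost.config` and reports modules whose DLL resolves outside an allowlist of directories. The allowlist, the Windows directory and the sample entries are assumptions constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

WINDIR = r"C:\Windows"  # assumption: default Windows directory
# Assumption: native modules are expected only under inetsrv. Extend this with
# the directories your own IIS and Exchange installation legitimately uses.
TRUSTED_DIRS = (WINDIR + r"\System32\inetsrv",)

# Constructed sample of the <globalModules> section of applicationHost.config
# (normally %windir%\System32\inetsrv\config\applicationHost.config).
# The last two names and paths are made up and are not real indicators.
SAMPLE_CONFIG = r"""
<configuration><system.webServer><globalModules>
  <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
  <add name="StaticFileModule" image="%WINDIR%\system32\inetsrv\static.dll" />
  <add name="ExampleCacheModule" image="C:\Windows\Temp\example_cache.dll" />
  <add name="ExampleAuthModule" image="%windir%\System32\inetsrv\..\..\Temp\ex.dll" />
</globalModules></system.webServer></configuration>
"""

def normalise(image):
    """Lower-case, expand %windir%/%systemroot%, and collapse '..' segments."""
    path = image.strip().lower()
    for var in ("%windir%", "%systemroot%"):
        path = path.replace(var, WINDIR.lower())
    return ntpath.normpath(path)

def suspicious_modules(config_xml, trusted_dirs=TRUSTED_DIRS):
    """Return (name, resolved image) for modules loaded from untrusted paths."""
    trusted = [normalise(d) + "\\" for d in trusted_dirs]
    findings = []
    root = ET.fromstring(config_xml.strip())
    for section in root.iter("globalModules"):
        for entry in section.findall("add"):
            image = normalise(entry.get("image", ""))
            # Compare after normalisation so '..' tricks and case changes
            # cannot make an outside path look like a trusted one.
            if not any(image.startswith(prefix) for prefix in trusted):
                findings.append((entry.get("name"), image))
    return findings

if __name__ == "__main__":
    for name, image in suspicious_modules(SAMPLE_CONFIG):
        print(f"review module {name}: {image}")
```

A module dropped inside a trusted directory passes this path check, so pair it with signature and hash verification of the listed DLLs.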