
They identify ‘malware’ on 34 Microsoft servers

A group of cybersecurity researchers and experts have identified a malicious ‘software’ backdoor in so-called Internet Information Server (IIS) web servers, developed by Microsoft, which has affected various government organizations around the world.

A ‘backdoor’ is a vulnerability that allows cybercriminals to access a server, website, local network or corporate network without being detected, in order to steal documentation or deploy ‘malware’.

Researchers from the cybersecurity company Kaspersky have detected this malicious ‘software’, called SessionManager, which allows cybercriminals to keep this ‘backdoor’ open and which survives system updates.


That way, once they get into the system, they can gain access to emails, secretly manage compromised servers, and install other types of ‘malware’.

It was in December 2021 that Kaspersky discovered an unknown IIS module named ‘Owowa’, capable of stealing a user’s typed credentials when logging on to Outlook Web Access.

Since then, this team has been monitoring the behavior of these Microsoft servers and, in a recent investigation, has found this new unwanted backdoor module.

Kaspersky has determined that a distinctive feature of SessionManager is its low detection rate: despite being first discovered in early 2022, some of the samples of its activity have still not been classified as malicious by online analysis and cybersecurity services.


This malicious software has reportedly been identified on 34 Microsoft servers belonging to 20 different organizations in Europe, the Middle East, South Asia and Africa, which are said to have been infected since March 2021.

Although this ‘malware’ operates mainly in government organizations, medical institutions, oil companies and transportation companies, among others, have also been compromised.

According to the latest research carried out by this cybersecurity company, at the end of April this year SessionManager was still registered as operational in more than 20 organizations.


“It is still possible to discover related malicious activities months or years later, and this will probably be the case for a long time,” said Pierre Delcher, Senior Security Researcher in Kaspersky’s global research and analysis team.

The company’s experts suspect that, because it attacks similar victims and uses a common variant of OwlProxy, the Gelsemium cybercriminal group could be the one that took advantage of vulnerabilities in these IIS servers.

Source: Elcomercio
