The Russian computer security company Kaspersy detected a virus spy who for more than a year has been attacking state institutions and non-governmental organizations in various parts of the world.
“Kaspersky experts identified the SessionManager backdoor. It allows access to the corporate IT infrastructure and to carry out a wide spectrum of malicious actions,” the company said in a statement cited by Eph.
This security flaw allows access to corporate correspondence, transmission of malware, and remote control of infected servers. According to Kaspersky, the code is remotely deployed in the guise of a Microsoft IIS module, which was originally conceived as a set of web browsing services including the Exchange mail server.
“Any employee of a company operates with this server when using Microsoft’s corporate mail services,” said the Russian company, which also notes that the first SessionManager attacks were detected in late March 2021.
“The main victims are state entities and non-governmental organizations in Africa, South Asia, Europe, the Middle East and also in Russia,” the company explained. According to the company, “Currently the backdoor was detected on 34 servers from 24 companies. SessionManager often goes unnoticed as it is not detected by most of the major antiviruses on the net”.
With information from Eph.