Threat Actors Stealing Microsoft Exchange Credentials Using Malicious IIS Module 'Owowa'

Hackers are installing a malicious web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. According to Kaspersky's data, this attack is mostly targeting Southeast Asia, but there are European servers on the target list as well. Owowa module is specifically designed to log the credentials of users that successfully authenticate on the OWA login web page. Read more...