A new PowerShell malware named PowerExchange is used to backdoor on-premise Microsoft Exchange servers.
The malware is linked to APT34 Iranian state hackers.
The initial vector of infection is phishing emails with a malicious archive. For further data and credentials stealing, a web shell named ExchangeLeech is used.
