Microsoft Exchange Services Targeted By New PowerShell Malware

A new PowerShell malware named PowerExchange is used to backdoor on-premise Microsoft Exchange servers. The malware is linked to APT34 Iranian state hackers. The initial vector of infection is phishing emails with a malicious archive. For further data and credentials stealing, a web shell named ExchangeLeech is used. Read more...