Turla group's backdoor lets attackers take control of Microsoft Exchange servers

ESET has analyzed LightNeuron, malware used by members of the well-known cybercriminal group Turla.

The Turla hacking group gained notoriety back in 2008, after the US Central Command network was hacked. The group's goal is to steal sensitive data of strategic importance.

In recent years, hundreds of users in more than 45 countries have been affected by Turla's activity, including government and diplomatic institutions and military, educational and research organizations.

But back to the LightNeuron malware. This backdoor gives attackers almost complete control over Microsoft Exchange mail servers. By gaining access to the Microsoft Exchange transport agent, attackers can read and block emails, replace attachments and edit message text, and write and send messages on behalf of the organization's employees.



The malicious activity is hidden in specially crafted PDF documents and JPG images: the attackers communicate with the backdoor by sending requests and commands through these files.

ESET experts note that cleaning LightNeuron from a system is a rather difficult task: removing the malicious files does not solve the problem and can disrupt Microsoft Exchange.

There is reason to believe that this backdoor is also used on Linux systems.



Source: 3dnews.ru
