“Kaspersky Lab” discovered a new virus, SessionManager, which allows criminals to gain access to the corporate IT infrastructure of government agencies and non-profit organizations. It can distribute malware, read corporate mail, and remotely manage infected servers.
The first attacks using stealth malware were detected by Kaspersky Lab at the end of March 2021. The virus has spread in Europe, Africa, South Asia, the Middle East and Russia. SessionManager is currently found on 34 servers at 24 companies. It is poorly recognized by most online scanners, so the virus often goes unnoticed.
SessionManager is deployed remotely as a module for Microsoft IIS, which includes the Exchange mail server, the main server when using Microsoft corporate mail. To spread the virus, attackers exploit the ProxyLogon vulnerability.
Even more news is in the Kommersant Telegram channel.