LightNeuron MTA
Tue, 21 May 2019 14:02:10 +0200
TURLA LIGHTNEURON - One email away from remote code execution | WeLiveSecurity
In this white paper, we present the analysis of LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers.
Key points in this white paper:
* Turla is believed to have used LightNeuron since at least 2014.
* LightNeuron is the first publicly known malware to use a malicious Microsoft Exchange Transport Agent.
* LightNeuron can spy on all emails going through the compromised mail server.
* LightNeuron can modify or block any email going through the compromised mail server.
* LightNeuron can execute commands sent by email.
* Commands are hidden in specially crafted PDF or JPG attachments using steganography.
* LightNeuron is hard to detect at the network level because it does not use standard HTTP(S) communications.
* LightNeuron was used in recent attacks against diplomatic organizations in Eastern Europe and the Middle East.
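
A defensive check that follows from the Transport Agent point above, added here as an example (it is not from the white paper or from ESET): it lists the transport agents registered on an Exchange server and flags any that are missing from a baseline or whose assembly has no valid Authenticode signature. The baseline file name and the flagging criteria are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example: audit registered Exchange transport agents for triage.
# $BaselinePath is a hypothetical file you maintain yourself:
# one known-good agent name per line, taken from a server you trust.
param(
    [string]$BaselinePath = '.\transport-agent-baseline.txt'
)

$baseline = @()
if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = @(Get-Content -LiteralPath $BaselinePath |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

$report = foreach ($agent in Get-TransportAgent) {
    $name = $agent.Identity.ToString()
    $path = $agent.AssemblyPath
    $sig  = $null
    $hash = $null

    # Inspect the DLL that backs the agent, if it is present on disk.
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    # Collect reasons to look closer; these are triage hints, not verdicts.
    $reasons = @()
    if ($baseline.Count -gt 0 -and $baseline -notcontains $name) {
        $reasons += 'not in baseline'
    }
    if (-not $hash) {
        $reasons += 'assembly missing or unreadable'
    } elseif ($sig.Status -ne 'Valid') {
        $reasons += "signature status: $($sig.Status)"
    }

    [pscustomobject]@{
        Priority = $agent.Priority
        Name     = $name
        Enabled  = $agent.Enabled
        Factory  = $agent.TransportAgentFactory
        Assembly = $path
        SHA256   = $hash
        Review   = ($reasons -join '; ')
    }
}

$report | Sort-Object Priority | Format-List
```

Agents with a non-empty `Review` field are candidates for manual inspection; third-party mail-filtering products legitimately install agents too, so compare against what is expected on that server.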