The SessionManager IIS backdoor

  • 6 July 2022
  • 0 replies
  • 13 views
The SessionManager IIS backdoor
Userlevel 5
Badge +3
  • Community Manager
  • 24 replies

During 2022 ESET noticed a trend among several threat actors for deploying a backdoor within IIS after exploiting one of the ProxyLogon-type vulnerabilities within Microsoft Exchange servers.
Dropping an IIS module as a backdoor enables threat actors to maintain persistent, update-resistant and relatively stealthy access to the IT infrastructure of a targeted organization; be it to collect emails, update further malicious access, or clandestinely manage compromised servers that can be leveraged as malicious infrastructure.


0 replies

Be the first to reply!

Reply