New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

01-Jul-22

As of June 2022, infections were still present in 20 businesses, indicating that a recently discovered malware has been used in the wild to backdoor Microsoft Exchange servers belonging to a variety of enterprises globally at least since March 2021.

After using one of the ProxyLogon vulnerabilities in Exchange servers, the malicious code, called SessionManager, poses as a module for Internet Information Services, a web server application for Windows systems. Read More…