Positive Technologies’ Expert Security Centre discovered a keylogger hidden in Microsoft Exchange Servers, stealing private credentials since 2021, impacting businesses and government bodies worldwide. The keylogger was found in the main page's clkLgn() function, recording usernames and passwords, exploiting the ProxyShell vulnerability. Attackers altered the logon
aspx file, aiming to exfiltrate sensitive login info undetected. Around 30 victims, mainly government agencies, were affected, prompting recommendations to search for the stealer code, patch vulnerabilities, monitor logs, and enhance security measures. This incident emphasizes the need for robust cybersecurity defenses and vigilance against evolving threats, with proactive security measures being vital to safeguard sensitive information. ```https://cybersecuritynews.com/keylogger-embedded-microsoft-exchange-server/