GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In a recent incident response IR case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...