Owowa

Image sourced from Discover Germany Kaspersky has uncovered a previously unknown IIS module (a piece of software aimed at providing additional features to Microsoft web servers) they have since dubbed Owowa that steals credentials entered by a user when logging into Outlook Web Access (OWA); it also allows the attackers to gain remote control access to the underlying server. Compiled sometime between late 2020 and April 2021, this module is a stealthy theft method that is difficult to detect with network monitoring. It’s also resistant to software updates from Exchange, meaning it can stay hidden on a device for a long time. In 2021, advanced threat actors were increasingly exploiting vulnerabilities of Microsoft Exchange Server. In March, four critical vulnerabilities in the servers allow...