Bleeping Computer

Hackers steal Microsoft Exchange credentials using IIS module

Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. The ...
ZDNet

Microsoft warns of stealthy backdoors used to target Exchange Servers

There's been an uptick in malware native to Microsoft's Internet Information Services (IIS) web server that is being used to install backdoors or steal credentials and is hard to detect, warns ...
Threat Post

Malicious Exchange Server Module Hoovers Up Outlook Credentials

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. Researchers have uncovered a previously unknown malicious ...
Bleeping Computer

Microsoft Exchange servers increasingly hacked with IIS backdoors

Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web ...
techtimes

Microsoft's Latest Research Shows How Hackers Use Malicious IIS Extensions as Backdoor to Servers

Hackers are now reportedly using Internet Information Services or IIS extensions as backdoors to getting into servers as it helps them hide deep in the environments they want to target and gives a ...
CSO Online

‘Ink Dragon’ threat group targets IIS servers to build stealthy global network

A Chinese-linked threat group identified as “Ink Dragon” is targeting common weaknesses in Internet Information Services (IIS) servers to build a global espionage network that is difficult to track or ...