Hackers Exploit 70+ Microsoft Exchange Servers to Deploy Keyloggers for Credential Theft
June 24, 2025
Vulnerability / Malware
Unidentified threat actors have been targeting publicly exposed Microsoft Exchange servers to inject malicious code into login pages for credential harvesting. A recent analysis by Positive Technologies revealed two types of JavaScript keyloggers on the Outlook login page: one that saves captured data to a locally accessible file and another that transmits it directly to an external server. The Russian cybersecurity firm reported that these attacks affected 65 victims across 26 countries and continue a campaign first noted in May 2024, which targeted organizations in Africa and the Middle East. Initial findings indicated at least 30 victims among government agencies, banks, IT firms, and educational institutions, with evidence of compromises dating back to 2021. The attack chains exploit known vulnerabilities in Microsoft systems.