LightNeuron is the first to target Microsoft Exchange transport agents — and is used as a hub for major Turla APT espionage efforts.
LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers, has flown under the radar since at least 2014, despite being the malware linchpin at the center of several targeted campaigns.
A fresh analysis of the recently uncovered code shows that it’s the first publicly known malware to use a malicious Microsoft Exchange Transport Agent – but the extraordinarily clever way that LightNeuron conceals itself is the most notable aspect of the report.
LightNeuron (likely designed by the Turla APT group) was spotted by ESET researchers in recent campaigns against diplomatic organizations in Eastern Europe (October 2018) and the Middle East (a regional diplomatic office in 2017). The firm’s analysis shows that LightNeuron can spy on, modify or block all emails going through a compromised mail server; and can execute commands sent by email while acting as a full-featured backdoor for remote code-execution.