{"id":47721,"date":"2022-07-27T10:50:00","date_gmt":"2022-07-27T10:50:00","guid":{"rendered":"http:\/\/d1085f1b-1dc5-438d-b6de-91c27b1f4ee5"},"modified":"2022-07-27T10:50:00","modified_gmt":"2022-07-27T10:50:00","slug":"microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/","title":{"rendered":"Microsoft warns of stealthy backdoors used to target Exchange Servers"},"content":{"rendered":"<figure class=\"c-shortcodeImage u-clearfix c-shortcodeImage-large\">\n<div class=\"c-shortcodeImage_imageContainer\">\n<div class=\"c-shortcodeImage_image\"><picture class=\"c-cmsImage\"><!----> <img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/\" alt=\"tech-workers-office-developers-desk-collaboration.jpg\" height=\"800.8898776418242\" width=\"1200\"><\/picture><\/div>\n<p> <!----> <!----><\/div>\n<p> <!----><figcaption> <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall g-color-gray70 u-block g-text-xsmall\">Image: Getty\/10&#8217;000 Hours<\/span><\/figcaption><\/figure>\n<p>There&#8217;s been an uptick in malware native to Microsoft&#8217;s Internet Information Services (IIS) web server that is being used to install backdoors or steal credentials and is hard to detect, warns Microsoft.&nbsp;<\/p>\n<p>Microsoft has offered insights into how to spot and remove malicious IIS extensions, which aren&#8217;t as <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-patch-your-exchange-servers-theyre-under-attack\/\" rel=\"follow\">popular as web shells<\/a> as a payload for Exchange servers, but are useful to an attacker as they &#8220;mostly reside in the same directories as legitimate modules used by target applications, and they follow the same code structure as clean modules,&#8221; <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/07\/26\/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Microsoft notes<\/a>.&nbsp;<\/p>\n<div class=\"c-shortcodePinbox-textList c-shortcodePinbox-textList_floating g-border-thin-light-bottom g-outer-spacing-top-medium g-outer-spacing-bottom-medium\">\n<h3 class=\"c-sectionHeading\"> More Microsoft <\/h3>\n<\/p><\/div>\n<p>As such, they might not be seen as malicious and identifying the source of an infection can be difficult. Key target IIS-hosted applications are Outlook on the Web and Microsoft Exchange Server, which, if compromised, can give an attacker complete access to a target&#8217;s email communications. &nbsp;<\/p>\n<p><strong>SEE:&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/these-are-the-biggest-cybersecurity-threats-make-sure-you-arent-ignoring-them\/\" rel=\"follow\">These are the biggest cybersecurity threats. Make sure you aren&#8217;t ignoring them<\/a><\/strong><\/p>\n<p>Security company ESET last year&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2021\/08\/06\/anatomy-native-iis-malware\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">found<\/a> 80 unique malicious IIS modules belonging to 14 malware families, most of which were previously undocumented. These included IIS backdoors, info stealers, injectors, proxies for C&amp;C infrastructure, and modules that fraudulently modify content served to search engines. In all cases, the IIS malware intercepted HTTP requests incoming from the compromised IIS server and affected how the server responds to certain requests.&nbsp; &nbsp; &nbsp;<\/p>\n<p>Microsoft says IIS extension attacks typically start by the attacker exploiting a critical flaw in the hosted application and then drop a web shell. At some point after deploying the web shell, the attacker installs an IIS backdoor for stealthy, persistent access to the server.&nbsp;<\/p>\n<p>In a campaign targeting Exchange servers between January and May 2022, Microsoft saw attackers installing customized IIS modules.&nbsp;<\/p>\n<p>&#8220;Once registered with the target application, the backdoor can monitor incoming and outgoing requests and perform additional tasks, such as running remote commands or dumping credentials in the background as the user authenticates to the web application,&#8221; Microsoft explains.<\/p>\n<p>Between March and June 2021, ESET observed a wave of IIS backdoors spread via the Exchange ProxyLogon pre-authentication remote code execution vulnerabilities (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-26855\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2021-26855<\/a>,&nbsp;<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-26857\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2021-26857<\/a>,&nbsp;<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-26858\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2021-26858<\/a>, and&nbsp;<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-27065\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2021-27065<\/a>).&nbsp;<\/p>\n<p>&#8220;Targeted specifically were Exchange servers that have&nbsp;<em>Outlook on the web<\/em>&nbsp;(aka OWA) enabled \u2013 as IIS is used to implement OWA, these were a particularly interesting target for espionage,&#8221; ESET noted.<\/p>\n<p>Microsoft provides incident response teams with details about how IIS works and the types of attacks it&#8217;s seen, so customers can defend against them. Microsoft expects attackers will increasingly use IIS backdoors in future.<\/p>\n<p>IIS is a modular web server that is a core part of the Windows platform. Users can customize IIS web servers as needed using extensions written in native (C\/C++) and managed (C#, VB.NET) code structures. Microsoft focusses on C#, VB.NET extensions.&nbsp;<\/p>\n<p>Microsoft&#8217;s technical rundown of how attackers use customer IIS backdoors cover command runs, credential access, remote access and exfiltration.&nbsp;<\/p>\n<p><strong>SEE:&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/these-are-the-cybersecurity-threats-of-tomorrow-that-you-should-be-thinking-about-today\/\" rel=\"follow\">These are the cybersecurity threats of tomorrow that you should be thinking about today<\/a><\/strong><\/p>\n<p>The main malicious .NET IIS extensions over the past year included:&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/hafniums-china-chopper-a-slick-and-tiny-web-shell-for-creating-server-backdoors\/\" rel=\"follow\">web shells used by the likes of Hafnium\/China Chopper<\/a>, the Chinese state-sponsored group exploiting Exchange zero-days; open-source IIS backdoor GitHub projects that are intended for red team exercises and lifted by attackers for their activity; IIS handlers that can be configured to respond to certain extensions or requests; and credential stealers, which monitor for specific requests to determine a sign-in activity.<\/p>\n<p>Besides applying all software updates and running antivirus, Microsoft recommends reviewing highly privileged account groups like admins, remote desktop users, and enterprise admins. It also recommends enabling multi-factor authentication, restricting access to what&#8217;s needed, and avoiding the use of domain-wide, admin-level service accounts.&nbsp;<\/p>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft is warning Outlook on the Web and Exchange Server customers to watch out for more malicious IIS extensions.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-47721","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft warns of stealthy backdoors used to target Exchange Servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft warns of stealthy backdoors used to target Exchange Servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-27T10:50:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft warns of stealthy backdoors used to target Exchange Servers\",\"datePublished\":\"2022-07-27T10:50:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/\"},\"wordCount\":654,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\\\/\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/\",\"name\":\"Microsoft warns of stealthy backdoors used to target Exchange Servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\\\/\",\"datePublished\":\"2022-07-27T10:50:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\\\/\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\\\/\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft warns of stealthy backdoors used to target Exchange Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft warns of stealthy backdoors used to target Exchange Servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft warns of stealthy backdoors used to target Exchange Servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-07-27T10:50:00+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft warns of stealthy backdoors used to target Exchange Servers","datePublished":"2022-07-27T10:50:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/"},"wordCount":654,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/","name":"Microsoft warns of stealthy backdoors used to target Exchange Servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/","datePublished":"2022-07-27T10:50:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#primaryimage","url":"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/","contentUrl":"https:\/\/www.zdnet.com\/article\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers-email\/"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-warns-of-stealthy-backdoors-used-to-target-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft warns of stealthy backdoors used to target Exchange Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47721"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47721\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}