It mostly infects Microsoft Exchange servers.
ESET is reporting that a malware called LightNeuron is currently targeting Microsoft Exchange servers, where it is able to read, block or modify any email that goes through the mail server. LightNeuron is also said to be able to compose emails and use any legitimate user as the sender.
ESET said that LightNeuron has been attacking mail servers since 2014, with targets that include big organizations such as a ministry of foreign affairs somewhere in Eastern Europe and even a regional diplomatic organization here in the Middle East. ESET adds that LightNeuron belongs to the infamous espionage group Turla, which is also known as Snake.
“In the mail server architecture, LightNeuron can operate at the same level of trust as security products such as spam filters. As a result, this malware gives the attacker total control over the mail server – and thus, overall email communication,” explains Matthieu Faou, the ESET malware researcher who conducted the research about LightNeuron.
Removing LightNeuron is no easy task, since removing the malicious files can break the mail server. Faou recommends that administrators read the research paper on how to tackle infected servers. The paper, called Turla LightNeuron: One Email Away from Remote Code Execution, can be accessed on GitHub.