GhostContainer backdoor for Exchange servers | Securelist

A sophisticated backdoor, GhostContainer, was discovered targeting Exchange servers in government environments. The malware, likely exploiting a known N-day vulnerability, grants attackers full control over the Exchange server, enabling various malicious activities. The backdoor, utilizing open-source projects, disguises itself as a common server component and can function as a proxy or tunnel, potentially exposing internal networks to external threats.
