An attack on Microsoft's Outlook Web Application (OWA) allowed hackers to obtain login credentials through a malicious DLL file they were able to load on the server.
The attack was revealed by the security company Cybereason when Microsoft requested its services.
Microsoft's Outlook Web Application (OWA) is a webmail portal that exists as a feature of Microsoft Exchange Server. Exchange Server allows companies, as well as individuals, to run their own e-mail services.
As Cybereason explains, the attackers replaced OWAAUTH.dll with a version that contained a backdoor. This let them collect information from the authentication procedures of the local Directory Server (a server that manages the common authentication procedures).
So while all the authentication procedures on the Outlook Web Application server were working correctly and using SSL/TLS encryption, the DLL file allowed the hackers to obtain all the sign-in information in plain text, because the DLL has access to it before the encryption stage.
All recorded data was stored in a log.txt file on the server. Cybereason's researchers discovered more than 11,000 user names and passwords in this file. The company running the OWA server has about 19,000 employees.
The hackers reportedly took measures not only to prevent the attack from being revealed but also to make the backdoor difficult to remove if it was found. They created a filter on IIS (Microsoft's web server) through which the malicious OWAAUTH.dll file was loaded again whenever the server was restarted.
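One way a defender could audit for the IIS filter persistence described above, as an added example that is not from the original article or from Cybereason: it parses an IIS applicationHost.config and flags every ISAPI filter that is missing from an approved baseline or whose DLL path has changed. The sample configuration, the "Auth Helper" filter name, the placeholder DLL path and the baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample applicationHost.config fragment; names and paths are illustrative.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <isapiFilters>
      <filter name="ASP.Net_4.0_64bit" path="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll" />
    </isapiFilters>
  </system.webServer>
  <location path="Default Web Site/owa">
    <system.webServer>
      <isapiFilters>
        <filter name="Auth Helper" path="C:\ProgramData\placeholder\OWAAUTH.dll" />
      </isapiFilters>
    </system.webServer>
  </location>
</configuration>"""

# Assumed baseline (filter name -> DLL path), recorded when the server was known good.
BASELINE = {
    "asp.net_4.0_64bit": r"%windir%\microsoft.net\framework64\v4.0.30319\aspnet_filter.dll",
}


def list_isapi_filters(config_xml):
    """Return (scope, name, path) for every ISAPI filter, server-wide and per-location."""
    root = ET.fromstring(config_xml)
    scopes = [("(server)", root.find("system.webServer"))]
    scopes += [(loc.get("path", ""), loc.find("system.webServer")) for loc in root.iter("location")]
    found = []
    for scope, web_server in scopes:
        if web_server is not None:
            for flt in web_server.iterfind("isapiFilters/filter"):
                found.append((scope, flt.get("name", ""), flt.get("path", "")))
    return found


def unapproved_filters(config_xml, baseline=BASELINE):
    """Flag filters that are unknown or whose DLL path differs from the baseline."""
    # Windows filter names and paths are case-insensitive, so compare lowercased.
    return [(scope, name, path)
            for scope, name, path in list_isapi_filters(config_xml)
            if baseline.get(name.lower()) != path.lower()]


if __name__ == "__main__":
    for scope, name, path in unapproved_filters(SAMPLE_CONFIG):
        print(f"REVIEW {scope}: filter {name!r} loads {path}")
```

Each flagged DLL should then be hashed and compared against a known-good copy, since a filter that survives restarts will reload a replaced file even after the file itself is cleaned up.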