Asian Industrial Control Systems Targeted by Hackers Using the Shadowpad Backdoor

Last updated: July 5, 2023

Unpatched Microsoft Exchange servers in various Asian countries were the target of an attack campaign discovered by Russian cybersecurity firm Kaspersky.

The threat actors exploited vulnerabilities in those unpatched servers to gain access to the industrial control systems (ICS) of telecommunications companies in Pakistan and Afghanistan, as well as a logistics and transportation company in Malaysia, according to a Kaspersky advisory released on Monday.

In October 2021, Kaspersky discovered that hackers were exploiting the CVE-2021-26855 vulnerability in Microsoft Exchange to gain access to user data. However, signs of the attacks on the affected systems appear to date back to March of this year.

“During the investigation, researchers uncovered larger-scale activity by the threat actor in the network of the telecommunications company and also identified other victims of the campaign,”