CrowdStrike encountered a previously undocumented post-exploitation framework called IceApple deployed on Exchange servers for data exfiltration. Its long-running campaign focuses on intelligence gathering and indicates that it is a state-sponsored mission, allegedly, aligning with China-nexus, state-sponsored intrusions. Hence, it is imperative that all web apps are patched on a regular basis to prevent IceApple from compromising your network.
Support the originator by clicking the read the rest link below.
