REF2924 Brings a New Weapon NAPLISTENER to the Table

The REF2924 threat cluster was observed dropping previously unseen malware, dubbed NAPLISTENER, on entities in Southeast and South Asia. The malware evades network-based forms of detection. The actors target Microsoft Exchange servers exposed to the internet to deploy several backdoors, including SIESTAGRAPH, DOORME, and ShadowPad.

