LightNeuron Backdoor Gives Hackers Exchange Access

By Priasoft Editorial Team · Published October 22, 2021 · Updated April 23, 2026

Cyberespionage group, Turla, has reportedly developed a sophisticated Microsoft Exchange server backdoor that can redirect, intercept and modify email that is believed to have been in use since 2014. In addition, the exploit can also send messages on behalf of the compromised servers. According to the ESET report, LightNeuron has two main components: a Transport Agent, registered in the Microsoft Exchange configuration, and a DLL with most of the malicious code. Administrative privileges are required to drop the required files onto the Microsoft Exchange server before execution. Once successfully executed, the hackers that installed the backdoor can issue orders using JPG or PDF attachments with commands embedded via steganography. To learn more, see the detailed ESET report.

Ready to Talk Through Your Migration?

Priasoft has been handling Exchange and Microsoft 365 migrations since 1999. Whether you're scoping a new project or recovering from a stalled one, our engineers have seen it before. No sales pitch — just a working conversation with people who have done this work at scale.

Speak With an Engineer Download a Free Trial