Notorious Russian hacking group Turla is using a highly sophisticated backdoor as part of a cyber espionage campaign targeting email servers, ESET researchers have discovered.

The backdoor, dubbed LightNeuron, is the first of its kind “to be directly integrated into the working flow of Microsoft Exchange,” one of the researchers told ZDNet. Once installed, the backdoor provides the attackers with full control over the input and output of a mailserver. In other words, threat actors can read, modify, redirect and block emails sent to the server.

LightNeuron is the most powerful backdoor ever to target mailservers and has been used by Turla since 2014. It was discovered by Kaspersky Lab in mid-2018, but ESET is the first firm to publish a proper analysis of the hacking tool. The Russian advanced persistent threat (APT) group is using LightNeuron as part of an ongoing campaign that has already hit at least three organizations according to ESET, including the Foreign Affairs Ministry of an unidentified country in Eastern Europe.

Read more: Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor