While investigating attacks targeting a government entity in the UAE, Fortinet researchers also discovered an implant on Microsoft Exchange servers which was a novel web shell, dubbed ExchangeLeech, due to its unique ability to harvest credentials.
Source: cyware.com