Prometei Botnet Adds New Twist to Exchange Server Attacks
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
Researchers report Russian attackers are using Microsoft Exchange Server vulnerabilities to take over machines and add them to the Prometei botnet.
The attacks take advantage of the recently patched Microsoft Exchange Server vulnerabilities that were also exploited in the Hafnium attacks first uncovered in March. The Cybereason Nocturnus Team says this new campaign targets organizations with a multi-stage attack that aims to steal processing power to mine bitcoin.
"The Prometei Botnet poses a big risk for companies because it has been under-reported," said Assaf Dahan, senior director and head of threat research, Cybereason, in a statement. "When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but can also exfiltrate sensitive information as well."
Prometei was first reported in July 2020, but researchers believe that the botnet actually dates back to at least 2016. It continues to evolve with new features and tools, they report.
Cybereason says it has seen a wide range of victims in several countries and in multiple industries, including finance, insurance, retail, and manufacturing.
The full report on the attacks can be found here.
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024