Prometei Botnet Adds New Twist to Exchange Server Attacks

Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.

Dark Reading Staff, Dark Reading

April 23, 2021

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Researchers report Russian attackers are using Microsoft Exchange Server vulnerabilities to take over machines and add them to the Prometei botnet.

The attacks take advantage of the recently patched Microsoft Exchange Server vulnerabilities that were also exploited in the Hafnium attacks first uncovered in March. The Cybereason Nocturnus Team says this new campaign targets organizations with a multi-stage attack that aims to steal processing power to mine bitcoin.

"The Prometei Botnet poses a big risk for companies because it has been under-reported," said Assaf Dahan, senior director and head of threat research, Cybereason, in a statement. "When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but can also exfiltrate sensitive information as well."

Prometei was first reported in July 2020, but researchers believe that the botnet actually dates back to at least 2016. It continues to evolve with new features and tools, they report.

Cybereason says it has seen a wide range of victims in several countries and in multiple industries, including finance, insurance, retail, and manufacturing.

The full report on the attacks can be found here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights