Researchers report Russian attackers are using Microsoft Exchange Server vulnerabilities to take over machines and add them to the Prometei botnet.
The attacks take advantage of the recently patched Microsoft Exchange Server vulnerabilities that were also exploited in the Hafnium attacks first uncovered in March. The Cybereason Nocturnus Team says this new campaign targets organizations with a multi-stage attack that aims to steal processing power to mine bitcoin.
"The Prometei Botnet poses a big risk for companies because it has been under-reported," said Assaf Dahan, senior director and head of threat research, Cybereason, in a statement. "When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but can also exfiltrate sensitive information as well."
Prometei was first reported in July 2020, but researchers believe that the botnet actually dates back to at least 2016. It continues to evolve with new features and tools, they report.
Cybereason says it has seen a wide range of victims in several countries and in multiple industries, including finance, insurance, retail, and manufacturing.
The full report on the attacks can be found here.