Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
Researchers report Russian attackers are using Microsoft Exchange Server vulnerabilities to take over machines and add them to the Prometei botnet.
The attacks take advantage of the recently patched Microsoft Exchange Server vulnerabilities that were also exploited in the Hafnium attacks first uncovered in March. The Cybereason Nocturnus Team says this new campaign targets organizations with a multi-stage attack that aims to steal processing power to mine bitcoin.
"The Prometei Botnet poses a big risk for companies because it has been under-reported," said Assaf Dahan, senior director and head of threat research, Cybereason, in a statement. "When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but can also exfiltrate sensitive information as well."
Prometei was first reported in July 2020, but researchers believe that the botnet actually dates back to at least 2016. It continues to evolve with new features and tools, they report.
Cybereason says it has seen a wide range of victims in several countries and in multiple industries, including finance, insurance, retail, and manufacturing.
The full report on the attacks can be found here.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024