Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
Researchers report Russian attackers are using Microsoft Exchange Server vulnerabilities to take over machines and add them to the Prometei botnet.
The attacks take advantage of the recently patched Microsoft Exchange Server vulnerabilities that were also exploited in the Hafnium attacks first uncovered in March. The Cybereason Nocturnus Team says this new campaign targets organizations with a multi-stage attack that aims to steal processing power to mine bitcoin.
"The Prometei Botnet poses a big risk for companies because it has been under-reported," said Assaf Dahan, senior director and head of threat research, Cybereason, in a statement. "When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but can also exfiltrate sensitive information as well."
Prometei was first reported in July 2020, but researchers believe that the botnet actually dates back to at least 2016. It continues to evolve with new features and tools, they report.
Cybereason says it has seen a wide range of victims in several countries and in multiple industries, including finance, insurance, retail, and manufacturing.
The full report on the attacks can be found here.