Massive global botnet takes advantage of Microsoft Exchange vulnerabilities
Microsoft Exchange exploits continue to cause issues
Security experts have discovered a large-scale cryptocurrency botnet targeting the Microsoft Exchange vulnerabilities associated with the recent Hafnium attacks. Dubbed Prometei, the botnet was unearthed by researchers from the Cybereason Nocturnus team.
The threat actors behind the botnet are piggybacking on four zero-day vulnerabilities in the Microsoft Exchange email server, collectively referred to as the ProxyLogon vulnerabilities, that were first exploited by Chinese state-sponsored threat actors known as Hafnium.
Despite various efforts, including Microsoft’s one-click tool to patch the vulnerabilities and the FBI’s actions to remove backdoors from hacked servers, attackers still sense enough opportunity to exploit the vulnerabilities. In fact, Cybereason’s research highlights victims across a variety of industries and from countries all around the world.
“The Prometei Botnet poses a big risk for companies because it has been underreported. When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but could exfiltrate sensitive information as well,” said Assaf Dahan, Senior Director and Head of Threat Research, Cybereason.
Lethal threat
Cybereason shares that Prometei has versions for both Windows and Linux installations, and it selects the appropriate payload based on the operating system on the targeted machine.
The threat actors, who are Russian speakers as per Cybereason’s research, use the botnet to install the Monero crypto-miner on corporate endpoints.
In addition to the Microsoft Exchange vulnerabilities, they also make use of the EternalBlue and BlueKeep exploits to move across networks.
In her breakdown of the Prometei botnet, Lior Rochberger, a threat researcher at Cybereason, warns that the threat actors can also infect the compromised endpoints with other malware and might even sell access to the endpoints to ransomware gangs, which makes it a fairly lethal threat.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.