Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities - Help Net Security

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet.


One perpetrator of the latter activities is Prometei, a cross-platform (Windows, Linux), modular Monero-mining botnet that seems to have flown under the radar for years.


The attackers’ modus operandi


Cybereason incident responders have witnessed instances of the botnet enslaving endpoints of companies across the globe, in a variety of industries.


“The victimology is quite random and opportunistic rather than highly targeted, which makes it even more dangerous and widespread,” shared Lior Rochberger, senior threat researcher at Cybereason.


One thing that the responders noticed, though, is that the botnet avoids targets in former Soviet bloc countries. For these reasons and others, they believ ..
