Prometei botnet uses NSA exploit, hits unpatched MS exchange servers

According to researchers, there are separate Prometei botnet versions available for Linux and Windows-based systems.


According to a report from Cybereason, the Prometei botnet is hunting unpatched Microsoft Exchange servers to expand its army of Monero-mining bots. This is hardly a surprise: the Exchange Server vulnerabilities CVE-2021-27065 and CVE-2021-26858 give attackers a well-documented way in, and any server that has not applied Microsoft's March 2021 security updates remains exposed.


The vulnerabilities are linked to Hafnium, a state-sponsored APT group that exploited them in attacks on Exchange Server in March 2021. The perpetrators of the Prometei campaign are as yet unknown, but Cybereason suspects the operators are Russian-speaking, based on their use of the Russian language and the fact that Prometei is the Russian word for Prometheus.


Broad Range of Sectors Affected by the Botnet


The Prometei botnet threatens a broad range of industries, as its operators look to deploy malware and credential-stealing tools on compromised devices. According to the researchers, sectors including finance, retail, insurance, manufacturing, construction and travel are among those most at risk.


SEE: Cryptojacking botnet Prometei uses NSA exploit to steal data, mine Monero


Moreover, Prometei operators leverage the Exchange vulnerabilities to target networks in the USA, the UK, South America, East Asia and several European countries. However, Cybereason researchers noted that the attackers avoid targets in former Soviet bloc countries.

How Prometei Attacks MS Exchange Users


Pr ..