Security News > 2021 > April > Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots.
Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.
The main focus of Prometei's attacks on Exchange servers is to deploy the cryptomining payload, start earning money for its operators, and spread to other devices on the network using EternalBlue and BlueKeep exploits, harvested credentials, and SSH or SQL spreader modules.
"As observed in the recent Prometei attacks, the threat actors rode the wave of the recently discovered Microsoft Exchange vulnerabilities and exploited them in order to penetrate targeted networks," the Cybereason Nocturnus Team added.
According to stats shared by Microsoft last month, roughly 92% of all Internet-connected on-premises Exchange servers affected by these vulnerabilities are now patched and safe from attacks.
Adding to that, Microsoft Defender Antivirus automatically protects unpatched Exchange servers from ongoing attacks by automatically mitigating the vulnerabilities.
News URL
Related news
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Quad7 botnet targets more SOHO and VPN routers, media servers (source)
- Microsoft fixes Windows Server performance issues from August updates (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)