Botnet backdoors Microsoft Exchange servers, mines cryptocurrency (Security News, April 2021)
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots.
Based on new malware samples found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.
The main focus of Prometei's attacks on Exchange servers is to deploy the cryptomining payload, start earning money for its operators, and spread to other devices on the network using EternalBlue and BlueKeep exploits, harvested credentials, and SSH or SQL spreader modules.
"As observed in the recent Prometei attacks, the threat actors rode the wave of the recently discovered Microsoft Exchange vulnerabilities and exploited them in order to penetrate targeted networks," the Cybereason Nocturnus Team added.
According to stats shared by Microsoft last month, roughly 92% of all Internet-connected on-premises Exchange servers affected by these vulnerabilities are now patched and safe from attacks.
Adding to that, Microsoft Defender Antivirus protects unpatched Exchange servers from ongoing attacks by automatically mitigating the vulnerabilities.