Security News > 2021 > April > Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots.
Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.
The main focus of Prometei's attacks on Exchange servers is to deploy the cryptomining payload, start earning money for its operators, and spread to other devices on the network using EternalBlue and BlueKeep exploits, harvested credentials, and SSH or SQL spreader modules.
"As observed in the recent Prometei attacks, the threat actors rode the wave of the recently discovered Microsoft Exchange vulnerabilities and exploited them in order to penetrate targeted networks," the Cybereason Nocturnus Team added.
According to stats shared by Microsoft last month, roughly 92% of all Internet-connected on-premises Exchange servers affected by these vulnerabilities are now patched and safe from attacks.
Adding to that, Microsoft Defender Antivirus automatically protects unpatched Exchange servers from ongoing attacks by automatically mitigating the vulnerabilities.
News URL
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)