Expert Commentary: Prometei Botnet Exploits Exchange Server Bugs To Grow

GhostToken GCP Bug Gives Entry To Attackers Into Google Accounts

Security researchers have discovered that a persistent cryptocurrency mining botnet is exploiting still-unpatched Microsoft Exchange servers to grow globally. Dubbed “Prometei,” the botnet was first reported on in July 2020 and is thought to have been around since 2016, according to Cybereason Nocturnus. However, the research team found a new development in that the threat actors behind it have been exploiting Microsoft Exchange vulnerabilities CVE-2021-27065 and CVE-2021-26858 to penetrate victim networks, steal credentials and install malware. These bugs are part of the four zero-days patched by Microsoft back in March after being exploited by Chinese APT group Hafnium.

About the Author

ISBuzz Team

The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

Cyware and ECS Partner to Enhance Government Cybersecurity with Advanced Threat Intel Exchange

Analysis of ENISA’s 2024 Threat Landscape Report: Key Takeaways and Implications

Advanced surveillance is key to countering emerging global threats

Working With Us

Write For Us

The Pages

Expert Commentary: Prometei Botnet Exploits Exchange Server Bugs to Grow