{"id":121881,"date":"2021-04-23T22:24:07","date_gmt":"2021-04-24T05:24:07","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/04\/prometei-botnet-exploiting-unpatched-microsoft-exchange-servers"},"modified":"2021-04-23T22:24:07","modified_gmt":"2021-04-24T05:24:07","slug":"prometei-botnet-exploiting-unpatched-microsoft-exchange-servers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/04\/prometei-botnet-exploiting-unpatched-microsoft-exchange-servers","title":{"rendered":"Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/prometei-botnet-exploiting-unpatched-microsoft-exchange-servers2.jpg\"><\/a><\/p>\n<p>Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research.<\/p>\n<p>\u201cPrometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more,\u201d Boston-based cybersecurity firm Cybereason <a href=\"https:\/\/www.cybereason.com\/blog\/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities\" rel=\"noopener\" target=\"_blank\">said<\/a> in an analysis summarizing its findings.<\/p>\n<p>First documented by Cisco Talos in July 2020, <a href=\"https:\/\/blog.talosintelligence.com\/2020\/07\/prometei-botnet-and-its-quest-for-monero.html\" rel=\"noopener\" target=\"_blank\">Prometei<\/a> is a multi-modular botnet, with the actor behind the operation employing a wide range of specially-crafted tools and known exploits such as EternalBlue and BlueKeep to harvest credentials, laterally propagate across the network and \u201cincrease the amount of systems participating in its Monero-mining pool.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. \u201cPrometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more,\u201d Boston-based cybersecurity firm Cybereason said in an analysis [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34],"tags":[],"class_list":["post-121881","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/121881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=121881"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/121881\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=121881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=121881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=121881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}