Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities


Recently, the Cybereason Nocturnus Team responded to several incident response (IR) cases involving Prometei botnet infections at companies in North America, observing that the attackers exploited recently published Microsoft Exchange vulnerabilities (CVE-2021-27065 and CVE-2021-26858) to penetrate the network and install malware.

Prometei is a modular, multi-stage cryptocurrency-mining botnet that was first discovered in July 2020 and exists in both Windows and Linux versions. To achieve its goal of mining Monero, Prometei uses a range of techniques and tools, from Mimikatz to SMB and RDP exploits, that work together to propagate across the network.

