
Cybercrime, Prometei botnet exploits some Microsoft Exchange vulnerabilities

Cybereason cybersecurity experts: Prometei botnet exploits some Microsoft Exchange vulnerabilities. The malware can infect both Windows and Linux systems and has been upgraded with backdoor capabilities

The Prometei botnet now exploits some of the vulnerabilities in Microsoft Exchange that were part of the China-linked HAFNIUM attacks. The activity was discovered by Cybereason cybersecurity experts. The malware can infect both Windows and Linux systems, and it was first spotted last year while using the EternalBlue exploit to spread across compromised networks and enslave vulnerable Windows computers. According to Bleeping Computer, the main focus of Prometei’s attacks on Exchange servers is to deploy the cryptomining payload, start earning money for its operators, and spread to other devices on the network using EternalBlue and BlueKeep exploits, harvested credentials, and SSH or SQL spreader modules. Furthermore, it has been upgraded with backdoor capabilities that support an extensive array of commands. These include downloading and executing files, searching for files on infected systems, and executing programs or commands on behalf of the attackers.
