Cryptomining Campaign Leverages MS Exchange Server Flaw
A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency from various organizations across the world, a new report by security firm Cybereason finds.
Cybereason notes the Russian campaign is targeting victim organizations to install a Monero cryptominer on corporate endpoints, adding that the group appears to be financially motivated.
"The threat actor appears to be Russian speaking and is purposely avoiding infections in former Soviet bloc countries," Cybereason notes. "The main objective of Prometei is to install the Monero crypto miner on corporate endpoints. To spread across networks, the threat actor is using known Microsoft Exchange vulnerabilities, in addition to known exploits EternalBlue and BlueKeep."