24 April 21, 07:47
Quote:A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat (APT) cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets.
It’s also highly complex and sophisticated, researchers noted. While cryptojacking is its current game, Cybereason researchers warned that Prometei (the Russian word for Prometheus, the Titan god of fire from the Greek mythology) gives attackers complete control over infected machines, which makes it capable of doing a wide range of damage.
“If they wish to, they can steal information, infect the endpoints with other malware or even collaborate with ransomware gangs by selling the access to the infected endpoints,” Cybereason researcher Lior Rochberger noted in an analysis released Thursday. “[And] since cryptomining can be resource-hogging, it can affect the performance and stability of critical servers and endpoints, ultimately affecting business continuity.”
The report noted that Cybereason has recently seen wide swathes of Prometei attacks on a variety of industries, including construction, finance, insurance, manufacturing, retail, travel and utilities. Geographically speaking, it has been observed infecting networks in the U.S., U.K. and many other European countries, as well as countries in South America and East Asia. It was also observed that the threat actors appear to be explicitly avoiding infecting targets in former Soviet-bloc countries.
“The victimology is quite random and opportunistic rather than highly targeted, which makes it even more dangerous and widespread,” Rochberger said.
Read more: Prometei Botnet Could Fire Up APT-Style Attacks | Threatpost