Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators’ army of Monero (XMR) cryptocurrency mining bots. This modular malware can infect both Windows and Linux systems, and it was first spotted last year while using the EternalBlue exploit to spread across compromised networks and enslave vulnerable Windows computers.
Posts Tagged: Exchange
The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity orderly functioning of the EU banking sector.
Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. National CSIRT-CY is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script as soon as possible to help determine whether their systems are… Read more »
Microsoft’s Defender ATP Research Team today issued guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection. The Microsoft researchers based their analysis on multiple campaigns of Exchange attacks investigated during early April which showed how the malicious actors deploying web shells on on-premises… Read more »