Lucene search
K

15 matches found

HackRead
HackRead
added 2026/02/08 4:42 p.m.6 views

UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server

Cybersecurity firm eSentire's TRU break down the Russian Prometei botnet attack on a UK firm, detailing its TOR usage, password theft and decoy tactics...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/26 9:6 a.m.33 views

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

7.5AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/10/23 12:0 a.m.18 views

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflict...

7.2AI score
Exploits0
hivepro
hivepro
added 2023/03/16 6:36 a.m.25 views

Revamped Prometei Botnet Version Infects Over 10,000 Systems

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Prometei v3 botnet, an upgraded version of the Prometei botnet malware, has compromised over 10,000 systems mining the Monero cryptocurrency. To receive real-time threat advisories, please follow...

3.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/10 2:2 p.m.2 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/10 2:2 p.m.59 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

1.9AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/09 1:2 p.m.90 views

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...

10CVSS10.4AI score0.99999EPSS
Exploits123
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/05/06 12:0 a.m.15 views

Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party

Our telemetry showed three malware families taking advantage of the ProxyLogon vulnerability beginning in March: the coinminer LemonDuck was sighted first, quickly followed by the ransomware BlackKingdom, then the Prometei botnet...

7AI score
Exploits0
HackRead
HackRead
added 2021/04/23 6:8 p.m.87 views

Prometei botnet uses NSA exploit, hits unpatched MS exchange servers

By Waqas Unpatched MS Exchange Servers are being hunted by Prometei botnet to expand its army of Monero cryptocurrency mining bots. This is a post from HackRead.com Read the original post: Prometei botnet uses NSA exploit, hits unpatched MS exchange servers...

1.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/04/23 5:15 p.m.161 views

Prometei Botnet Could Fire Up APT-Style Attacks

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat APT cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. It’s also highly...

6.8CVSS0.99946EPSS
Exploits31References13
The Hacker News
The Hacker News
added 2021/04/23 7:42 a.m.408 views

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate...

7.8CVSS0.7AI score0.99946EPSS
Exploits31
Securelist
Securelist
added 2020/10/22 10:0 a.m.875 views

On the trail of the XMRig miner

As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions previously unseen by us were detected during our analysis of the open source miner XMRig. How it all began: ransominer Alongside well-kno...

7.2CVSS0.1AI score0.37164EPSS
Exploits14
Talos Blog
Talos Blog
added 2020/08/05 2:53 a.m.38 views

Prometei botnet and its quest for Monero

By Vanja Svajcer. NEWS SUMMARYWe are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways.Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Prometei"...

2.3AI score
Exploits0
HackRead
HackRead
added 2020/07/23 10:8 p.m.40 views

Cryptojacking botnet Prometei uses NSA exploit to steal data, mine Monero

By Waqas Prometei botnet targets Windows devices. Cisco Talos' threat intelligence team published a report revealing startling details of how cybercriminals are continually reinventing the way they can monetize their malicious tools and techniques. Reportedly, Cisco Talos researchers discovered a...

1.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/07/23 11:0 a.m.18 views

Threat Source newsletter for July 23, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new...

1.7AI score
Exploits0
Rows per page
Query Builder