A botnet is using Exchange server vulnerabilities to mine cryptocurrency on infected PCs
The latest attack on unpatched Exchange servers is a reminder of the importance of actively securing systems.
What you need to know
- Cyber attackers are using a botnet to mine cryptocurrency off of people's PCs.
- The botnet scans the web for organizations that have not patched vulnerabilities in Microsoft Exchange servers.
- The botnet can use the processing power of PCs to mine for Monero.
The Microsoft Exchange server drama continues. While patches are available and efforts have been taken to mitigate and fix vulnerabilities in Microsoft Exchange servers, a new botnet is on the hunt for unpatched servers. Prometei is a cryptocurrency botnet that's being used to target organizations around the world. The botnet scans the web for organizations that haven't applied patches to fix vulnerabilities to work itself into networks.
Cybersecurity researchers at Cybereason detail the malware attack (via ZDNet). One of the key findings of Cybereason is that Prometei exploits the vulnerabilities associated with the HAFNIUM attacks. The botnet uses these vulnerabilities to work itself into networks, which allows it to harvest information and mine for the Monero cryptocurrency.
Once Prometei works itself way into a network, it can use several techniques to move around, including harvesting login credentials, exploiting RDP vulnerabilities, and using older exploits. These techniques can be used to infect several machines.
The vast majority of organizations have installed patches or mitigated vulnerabilities in Exchange servers associated with the HAFNIUM attacks, but Prometei can find unpatched and vulnerable servers.
Prometei has been utilized to attack victims in several industries in North America, South America, Europe, and East Asia.
Microsoft and other organizations have taken several steps to fix the vulnerabilities used in the attacks on Exchange servers. As previously reported, hackers are racing to take advantage of unpatched servers. It seems that this will continue to be an issue until all servers are patched or fixed.
All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.
He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.
Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.
