The Prometei botnet has been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March. The botnet’s attacks on Exchange servers aim mainly to deploy its cryptomining payload, start earning money for its operators, and spread to other devices on the network. Over 90% of the Exchange servers affected by these vulnerabilities are now patched and safe from attacks. The threat actor behind this botnet is unknown, but there is evidence that they speak Russian, including the name and product name used in older versions.
Source: https://www.bleepingcomputer.com/news/security/botnet-backdoors-microsoft-exchange-servers-mines-cryptocurrency/

