Blog | G5 Cyber Security

Prometei Botnet Could Fire Up APT-Style Attacks

The Prometei botnet is taking a page from advanced persistent threat (APT) cyberattackers. The malware is using exploits for the Microsoft Exchange ProxyLogon security bugs to install Monero-mining malware on targets. The botnet could extend back to 2016, Cybereason researchers said. The attackers use the vulnerabilities to install and execute the China Chopper web shell, which in turn downloads a payload from an attacker-controlled URL. Prometei has been observed infecting networks in the U.S., the U.K. and many other European countries, as well as South America and East Asia.

Source: https://threatpost.com/prometei-botnet-apt-attacks/165574/
