Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines into a cryptocurrency botnet tracked as Prometei. The botnet appears to have been active since at least March 2020, but it was first observed by Cisco Talos experts in July 2020. Experts pointed out that the malware has a modular structure and employs multiple techniques to infect systems and evade detection. Experts observed that the crooks behind this botnet explicitly avoid infecting targets in former Soviet bloc countries. The attackers exploited the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network.

