Exhibiting advanced APT-like behavior. [Research Saturday]

From CyberWire Daily


Length: 22 minutes
Released: Jun 26, 2021
Format: Podcast episode

Description

Guest Yonatan Striem-Amit joins Dave to talk about Cybereason's research "Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities." The Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America, observing that the attackers exploited recently published Microsoft Exchange vulnerabilities (CVE-2021-27065 and CVE-2021-26858) in order to penetrate the network and install malware. Yonatan shares his team's findings of the investigation of the attacks, including the initial foothold sequence of the attackers, the functionality of the different components of the malware, the threat actors’ origin and the bot’s infrastructure.
The research can be found here:
Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities