Lorenz ransomware gang plants backdoors to use months later
2023-01-10 21:30

Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.

One case is a Lorenz ransomware attack that reached completion months after the hackers gained access to the victim's network using an exploit for a critical bug in a telephony system.

During an incident response engagement to a Lorenz ransomware attack, researchers at global intelligence and cyber security consulting company S-RM determined that the hackers had breached the victim network five months before starting to move laterally, steal data, and encrypt systems.

S-RM researchers found that although their client had applied the patch for CVE-2022-29499 in July, the Lorenz operators had moved faster: they exploited the vulnerability and planted a backdoor a week before the update that fixed the issue was applied.

The S-RM researchers say that the long period of inactivity could suggest that the ransomware group purchased its access to the victim network from an initial access broker.

Another theory is that the Lorenz gang is sufficiently organized to have a dedicated branch that obtains initial access and protects it against possible hijacking by other intruders.


News URL

https://www.bleepingcomputer.com/news/security/lorenz-ransomware-gang-plants-backdoors-to-use-months-later/

Related Vulnerability

DATE: 2022-04-26
CVE: CVE-2022-29499
VULNERABILITY TITLE: Improper Input Validation vulnerability in Mitel MiVoice Connect
  The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation.
RISK: critical (score 9.8); attack vector: network; attack complexity: low; vendor: mitel; weakness: CWE-20