Security News > 2023 > April > Hackers target vulnerable Veeam backup servers exposed online

Hackers target vulnerable Veeam backup servers exposed online
2023-04-29 14:41

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.

Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.

Threat researchers at Finnish cybersecurity and privacy company WithSecure note in a report this week that the attacks they observed in late March targeted servers running Veeam Backup and Replication software that were accessible over the public web.

While performing a threat hunt exercise using telemetry data from WithSecure's Endpoint Detection and Response, the researchers noticed some Veeam servers that generated suspicious alerts.

Once they got access to the host, the hackers used their malware, various commands, and custom scripts to collect system and network information, as well as credentials from the Veeam backup database.

WithSecure recommends organizations that use Veeam Backup and Replication software heed the information they provided and use it to look for signs of compromise on their network.


News URL

https://www.bleepingcomputer.com/news/security/hackers-target-vulnerable-veeam-backup-servers-exposed-online/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Veeam 11 0 8 9 7 24