Hackers target vulnerable Veeam backup servers exposed online
Security News, April 2023

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.
Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.
Threat researchers at Finnish cybersecurity and privacy company WithSecure note in a report this week that the attacks they observed in late March targeted servers running Veeam Backup and Replication software that were accessible over the public web.
While performing a threat hunt exercise using telemetry data from WithSecure's Endpoint Detection and Response, the researchers noticed some Veeam servers that generated suspicious alerts.
Once they got access to the host, the hackers used their malware, various commands, and custom scripts to collect system and network information, as well as credentials from the Veeam backup database.
WithSecure recommends that organizations using Veeam Backup and Replication software heed the information it has provided and use it to look for signs of compromise on their networks.