Hackers target vulnerable Veeam backup servers exposed online
2023-04-29 14:41

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.

Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication software.

Threat researchers at Finnish cybersecurity and privacy company WithSecure note in a report this week that the attacks they observed in late March targeted servers running Veeam Backup and Replication software that were accessible over the public web.

While performing a threat hunt exercise using telemetry data from WithSecure's Endpoint Detection and Response, the researchers noticed some Veeam servers that generated suspicious alerts.

Once they got access to the host, the hackers used their malware, various commands, and custom scripts to collect system and network information, as well as credentials from the Veeam backup database.

WithSecure recommends that organizations using Veeam Backup and Replication software heed the information it provided and use it to look for signs of compromise on their networks.


News URL

https://www.bleepingcomputer.com/news/security/hackers-target-vulnerable-veeam-backup-servers-exposed-online/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Veeam 12 3 6 9 4 22