Veeam Backup and Replication software is a popular choice for many organizations to protect their critical data. However, recent reports have revealed that hackers are targeting vulnerable Veeam backup servers that are exposed online, leaving organizations at risk of data theft and other cyberattacks.
There is evidence that at least one group of threat actors, who have been associated with several high-profile ransomware gangs, are targeting Veeam backup servers.
Starting from March 28th, there have been reported incidents of malicious activity and tools similar to FIN7 attacks being used to exploit a high-severity vulnerability in the Veeam Backup and Replication (VBR) software.
This vulnerability, tracked as CVE-2023-27532, exposes encrypted credentials stored in the VBR configuration to unauthenticated users, potentially allowing unauthorized access to the backup infrastructure hosts.
The software vendor addressed the vulnerability on March 7 and offered instructions for implementing workarounds. However, on March 23, a pentesting company named Horizon3 released an exploit for CVE-2023-27532, which showed how the credentials could be extracted in plain text using an unsecured API endpoint.
The exploit also allow
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: