New Ransomware Group Exploiting Veeam Backup Software Vulnerability - July 10, 2024
- Core Insights Advisory Services
- Jul 9, 2024
- 1 min read
July 10, 2024
"A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.
Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.
Initial access to the target environment is said to have been facilitated by means of a Fortinet FortiGate firewall SSL VPN appliance using a dormant account.
"The threat actor pivoted laterally from the FortiGate Firewall through the SSL VPN service to access the failover server," security researcher Yeo Zi Wei said in an analysis published today."
Source (and click her to read the fully article): https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html