Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month.
Researchers from cybersecurity firm WithSecure have investigated two such compromises so far, dating from late March, but they believe these are likely part of a larger campaign. The post-exploitation activity included setting up persistence, system and network reconnaissance, credential extraction and lateral movement.