• Ransomware gang is exploiting flaws in backup software to attack

    From TechnologyDaily@1337:1/100 to All on Mon Aug 21 13:00:03 2023
    Ransomware gang is exploiting flaws in backup software to attack infrastructure

    Date:
    Mon, 21 Aug 2023 12:18:19 +0000

    Description:
    Flaws in Veeam's backup solution were abused to steal credentials,
    researchers say.

    FULL STORY ======================================================================

    A known ransomware gang is exploiting a high-severity vulnerability in enterprise backup solutions to deploy malware to their targets and steal
    login credentials.

    This is according to a new report from BlackBerry's Threat Research and Intelligence team, which claims that the hacking campaign started in early June this year. The group behind it, known as Cuba, has been alleged by some cybersecurity experts to have ties to the Russian government.

    Apparently, Cuba excludes endpoints with a Russian keyboard layout from its attacks and hosts a number of Russian-language 404 pages on its infrastructure. Furthermore, it targets (almost exclusively) organizations in the Western world, leading researchers to conclude that the attackers are likely state-aligned.

    In this campaign, the group targeted critical infrastructure organizations in the United States, as well as IT firms in Latin America, although no names were mentioned.

    To target these firms, Cuba abused CVE-2023-27532, a high-severity flaw in Veeam Backup & Replication (VBR) that the group used to harvest credentials from the backup server. Using previously obtained administrator credentials, the attackers log in over RDP, move into the target network and drop their custom downloader, BugHatch.

    A couple of additional steps are required before the network is fully compromised, though, including loading a legitimate but vulnerable driver (the so-called bring-your-own-vulnerable-driver technique) to turn off endpoint protection tools.

    Given that the Veeam flaw has been public for several months and a proof-of-concept exploit is already available on the internet, deploying the vendor's patch is pivotal at this point, warns BleepingComputer.

    The publication added that Cuba also exploits CVE-2020-1472 ("Zerologon"), a vulnerability in Microsoft's Netlogon Remote Protocol that lets an unauthenticated attacker with network access to a domain controller escalate privileges against Active Directory.
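
    The three techniques the article attributes to Cuba each leave a trace a defender can look for: connections to the Veeam Backup Service port that CVE-2023-27532 is reached through, a kernel-mode driver being registered on the backup server, and a Zerologon-style machine-account reset on a domain controller. The script below is an added example of that triage logic; it is not code from BlackBerry, Veeam or the article. It assumes a hypothetical allow-list of hosts permitted to reach the backup service, and all event and flow records in it are constructed for illustration, with field names mirroring the Windows Security/System event XML and a generic flow log.

```python
"""Triage heuristics for the Cuba TTPs named in the article.

Added example, not BlackBerry's, Veeam's or TechRadar's code. All records
below are constructed; map the field names to your own SIEM schema.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# TCP/9401 is the default port of the Veeam Backup Service, the component
# CVE-2023-27532 is exposed through. Only Veeam's own components (the VBR
# server, Enterprise Manager, console hosts) should ever talk to it.
VEEAM_BACKUP_SERVICE_PORT = 9401
# Assumption: hypothetical inventory of hosts allowed to reach that port.
ALLOWED_VEEAM_CLIENTS = {"10.0.5.10", "10.0.5.11"}

# Well-known SID of ANONYMOUS LOGON. A Zerologon password reset rides an
# unauthenticated Netlogon channel, so the resulting Security 4742
# "computer account changed" event carries this SID as the subject.
ANONYMOUS_LOGON_SID = "S-1-5-7"


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    detail: str


def check_zerologon(ev: dict) -> Optional[Finding]:
    """Security 4742 where ANONYMOUS LOGON changed a machine account ($)."""
    if ev.get("EventID") != 4742:
        return None
    target = ev.get("TargetUserName", "")
    if ev.get("SubjectUserSid") == ANONYMOUS_LOGON_SID and target.endswith("$"):
        return Finding("zerologon_account_reset", ev["Computer"],
                       f"{target} changed by ANONYMOUS LOGON")
    return None


def check_driver_install(ev: dict) -> Optional[Finding]:
    """System 7045 (new service) whose ServiceType is a kernel-mode driver.

    A bring-your-own-vulnerable-driver attack must register the driver as a
    service, so this is the cheapest place to catch it. Check the ImagePath
    hash against a vulnerable-driver block list before alerting broadly.
    """
    if ev.get("EventID") != 7045:
        return None
    if ev.get("ServiceType", "").lower() == "kernel mode driver":
        return Finding("kernel_driver_installed", ev["Computer"],
                       f"{ev.get('ServiceName')} -> {ev.get('ImagePath')}")
    return None


def check_veeam_port(flow: dict) -> Optional[Finding]:
    """Any non-inventoried client reaching the Veeam Backup Service port."""
    if flow.get("dst_port") != VEEAM_BACKUP_SERVICE_PORT:
        return None
    if flow.get("src_ip") not in ALLOWED_VEEAM_CLIENTS:
        return Finding("unexpected_veeam_service_client", flow["dst_ip"],
                       f"{flow['src_ip']} -> TCP/{VEEAM_BACKUP_SERVICE_PORT}")
    return None


def triage(events: Iterable[dict], flows: Iterable[dict]) -> list[Finding]:
    """Run every check and return the findings in input order."""
    findings = []
    for ev in events:
        for check in (check_zerologon, check_driver_install):
            f = check(ev)
            if f is not None:
                findings.append(f)
    for flow in flows:
        f = check_veeam_port(flow)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample records: one benign and one suspicious of each kind.
SAMPLE_EVENTS = [
    # Domain admin (RID 500) changing a workstation account: not Zerologon.
    {"EventID": 4742, "Computer": "DC01", "SubjectUserSid": "S-1-5-21-1-2-3-500",
     "TargetUserName": "WS17$"},
    # DC's own machine account changed by ANONYMOUS LOGON: Zerologon pattern.
    {"EventID": 4742, "Computer": "DC01", "SubjectUserSid": ANONYMOUS_LOGON_SID,
     "TargetUserName": "DC01$"},
    # Ordinary user-mode service install: ignore.
    {"EventID": 7045, "Computer": "VBR01", "ServiceName": "BackupAgent",
     "ServiceType": "user mode service", "ImagePath": r"C:\Program Files\Agent\agent.exe"},
    # Kernel driver registered from a temp directory: BYOVD candidate
    # (hypothetical driver name, constructed for this example).
    {"EventID": 7045, "Computer": "VBR01", "ServiceName": "drvhelper",
     "ServiceType": "kernel mode driver", "ImagePath": r"C:\Windows\Temp\drvhelper.sys"},
]
SAMPLE_FLOWS = [
    {"src_ip": "10.0.5.11", "dst_ip": "10.0.5.10", "dst_port": 9401},  # console host
    {"src_ip": "10.0.9.77", "dst_ip": "10.0.5.10", "dst_port": 9401},  # not in inventory
    {"src_ip": "10.0.9.77", "dst_ip": "10.0.5.10", "dst_port": 3389},  # RDP; out of scope here
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS, SAMPLE_FLOWS):
        print(f"[{f.rule}] {f.host}: {f.detail}")
```

    The port rule is only as good as the allow-list: Veeam components legitimately use TCP/9401, so maintain the inventory from the backup team's configuration rather than guessing, and treat a hit from a workstation or an RDP jump host as the interesting case. The 7045 rule will fire on every legitimate driver install, which is why the finding carries the ImagePath; the follow-up is hashing that file and comparing it against a vulnerable-driver block list, not alerting on the event alone.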

    The last time we heard from Cuba was in mid-April last year, when cybersecurity researchers from Mandiant observed the group abusing flaws in Microsoft Exchange to compromise corporate endpoints, harvest data and deploy the COLDDRAW malware.

    The experts' report stated that the group had used the ProxyShell and ProxyLogon vulnerabilities since at least August 2021 to plant various web shells, Remote Access Trojans (RATs) and backdoors on compromised systems.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ransomware-gang-is-exploiting-flaws-in-backup-software-to-attack-infrastructure


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)