The Cuba ransomware gang has been observed in attacks targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools.
BlackBerry's Threat Research and Intelligence team, which spotted the latest campaign in early June 2023, reports that Cuba now leverages CVE-2023-27532 to steal credentials from configuration files
The particular flaw impacts Veeam Backup & Replication (VBR) products, and an exploit for it has been available since March 2023.
Previously, WithSecure reported that FIN7, a group with multiple confirmed affiliations with various ransomware operations, was actively exploiting CVE-2023-27532.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
