Hackers target Vulnerable Veeam Backup Servers exposed online


Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.

Malicious activity and tools echoing FIN7 attacks have been observed in intrusions since March 28, less than a week after an exploit became available for a high-severity vulnerability in Veeam Backup and Replication (VBR) software.

Tracked as CVE-2023-27532, the security issue exposes encrypted credentials stored in the VBR configuration to unauthenticated users in the backup infrastructure. This could be used to access the backup infrastructure hosts.

The software vendor fixed the issue on March 7 and provided workaround instructions.

On March 23, Horizon3 pentesting company released an exploit for CVE-2023-27532, which also demonstrated how an unsecured API endpoint could be abused to extract the credentials in plain text. An attacker leveraging the vulnerability could also run code remotely with the highest privileges.

At the time, Huntress Labs warned that there were still approximately 7,500 internet-exposed VBR hosts that appeared to be vulnerable.
