Patch or Peril: A Veeam vulnerability incident

July 12, 2024, 5:49 p.m.

Description

While the vulnerability CVE-2023-27532 was made public in March 2023 and subsequently patched by Veeam for versions 12/11a and later for Veeam Backup & Replication software, Group-IB’s Digital Forensics and Incident Response (DFIR) team recently observed a notable incident related to this vulnerability.

External References

https://www.group-ib.com/blog/estate-ransomware/
https://otx.alienvault.com/pulse/66916868e0b575ac0469ac57
Tags
backdoor
ransomware
adfind
vpn
2024-07-12
fortigate
veeam
CVE-2023-27532
svhost
netscan

Date

  • Created: July 12, 2024, 5:31 p.m.
  • Published: July 12, 2024, 5:31 p.m.
  • Modified: July 12, 2024, 5:49 p.m.

Indicators

  • 149.28.99.61
  • 149.28.106.252
Download all indicators here!

Attack Patterns

  • EstateRansomware