Ransomware, Vulnerability Management, Threat Intelligence

Critical Veeam RCE leveraged in Akira, Fog ransomware attacks

Share
(Credit: Postmodern Studio – stock.adobe.com)

BleepingComputer reports that both Akira and Fog ransomware payloads were attempted to be launched in intrusions involving the exploitation of the critical remote code execution flaw in Veeam Backup & Replication servers, tracked as CVE-2024-40711, during the past month.

All of the attacks also entailed the utilization of previously stolen credentials to infiltrate VPN gateways without multi-factor authentication, some of which were on outdated software, according to a report from Sophos X-Ops researchers. "In the Fog ransomware incident, the attacker deployed it to an unprotected Hyper-V server, then used the utility rclone to exfiltrate data," said Sophos X-Ops. Such a development comes more than a year after the high-severity Veeam Backup & Replication vulnerability, tracked as CVE-2023-27532, had been used in Cuba ransomware intrusions against critical infrastructure organizations in the U.S. and IT firms in Latin America, as well as in attacks by the FIN7 threat operation associated with the BlackBasta, REvil, and Conti ransomware gangs.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.