Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
Patch or Peril: A Veeam vulnerability incident https://www.group-ib.com/blog/estate-ransomware/
12/07/2024 22:21:57
QRCode
archive.org

Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences.

  • Initial access via FortiGate Firewall SSL VPN using a dormant account
  • Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP.
  • Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation.
  • Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting.
  • Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
group-ib EN 2024 Veeam vulnerability incident ransomware FortiGate NirSoft
4372 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio