FIN7 Hackers Caught Exploiting Veeam Vulnerability
The infamous FIN7 hacking organisation has been targeting a recent weakness in Veeam, a renowned data security and backup service. Veeam patched the CVE-2021-35277 vulnerability in May 2021, but it appears that some organisations have yet to update their systems, leaving them exposed to attack.
FIN7, also known as Carbanak Group, is a for-profit hacking group that has been operating since at least 2015. The group has been linked to multiple high-profile data breaches and thefts, and is known to target businesses in the retail, hospitality, and banking sectors, among others.
According to a recent FireEye Mandiant investigation, FIN7 has been using the Veeam vulnerability to obtain access to target networks and implant malware. The attackers are reported to have utilised a custom-built tool dubbed “Cobalt Strike” to carry out their operations.
The Veeam vulnerability, a privilege escalation problem, allows an attacker with access to a compromised machine to obtain full control of the system. This would allow them to install and execute malware, steal data, and engage in other illicit actions.
The fact that FIN7 has exploited this vulnerability emphasises the necessity of keeping software and systems up to date with the most recent security fixes. Organisations that fail to do so risk not only being attacked, but also potentially disclosing critical data and harming their brand.
In response to the news, Veeam has asked its clients to update their systems to the most recent version and to apply all security patches as soon as possible. The company has also claimed that it takes the security of its products and customers extremely seriously and is committed to providing regular updates and fixes to address any detected vulnerabilities.
The recent news of FIN7 exploiting the Veeam vulnerability is a stark reminder of the ongoing threat posed by cybercriminals and the importance of keeping software and systems up to date with the latest security patches. Organisations must remain vigilant and take proactive measures to protect their data and networks from these types of attacks.
Author: Jasmine Sahoo