Ransomware, Patch/Configuration Management
Attacks leveraging Veeam backup software flaw launched by novel ransomware gang

The newly emerged EstateRansomware group has been exploiting an already patched high-severity flaw in Veeam Backup & Replication, tracked as CVE-2023-27532, in intrusions observed since April, The Hacker News reports. According to an analysis from Group-IB, the intrusions began with brute-force attempts against a Fortinet FortiGate firewall's SSL VPN for initial access, followed by deployment of a persistent backdoor named "svchost.exe" (masquerading as the Windows service host process) and lateral movement over Remote Desktop Protocol. Exploitation of the Veeam vulnerability was then followed by enabling the SQL Server "xp_cmdshell" stored procedure and creating a new "VeeamBkp" account, which was used alongside NetScan and other hacking tools for further malicious activity. The attackers then disabled Windows Defender before deploying the ransomware, the researchers said. The findings follow a Cisco Talos report detailing the evolving tactics, techniques, and procedures employed by ransomware operations. "The diversification highlights a shift toward more boutique-targeted cybercriminal activities, as groups such as Hunters International, Cactus, and Akira carve out specific niches, focusing on distinct operational goals and stylistic choices to differentiate themselves," said Cisco Talos.
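As an added example, not code from Group-IB, SC Media or Veeam, the Python below turns the post-exploitation stages reported above (xp_cmdshell enablement, a "VeeamBkp"-style account, RDP lateral movement, Defender being switched off, NetScan) into hunting rules and runs them over a few constructed Windows Security events. The event dictionaries, the "veeam"-prefixed account heuristic, the rule names and the host names are illustrative assumptions; the only indicators taken from the article are the account name and tool name.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry). Field names loosely follow
# Windows Security log event data; one dict per event.
SAMPLE_EVENTS = [
    {"ts": "2024-04-02T01:10:00Z", "host": "veeam01", "event_id": 4688, "user": "SYSTEM",
     "cmdline": "sqlcmd.exe -Q \"EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE\""},
    {"ts": "2024-04-02T01:11:00Z", "host": "veeam01", "event_id": 4720, "user": "SYSTEM",
     "target_user": "VeeamBkp"},
    {"ts": "2024-04-02T01:12:00Z", "host": "veeam01", "event_id": 4732, "user": "SYSTEM",
     "target_user": "VeeamBkp", "group": "Administrators"},
    {"ts": "2024-04-02T01:20:00Z", "host": "fs01", "event_id": 4624, "user": "VeeamBkp",
     "logon_type": 10, "src_ip": "10.0.5.20"},
    {"ts": "2024-04-02T01:25:00Z", "host": "fs01", "event_id": 4688, "user": "VeeamBkp",
     "cmdline": "powershell.exe -c Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"ts": "2024-04-02T01:30:00Z", "host": "fs01", "event_id": 4688, "user": "VeeamBkp",
     "cmdline": "C:\\Temp\\netscan.exe /range:10.0.0.0/16"},
    # Benign noise the rules must not flag
    {"ts": "2024-04-02T08:00:00Z", "host": "ws07", "event_id": 4688, "user": "alice",
     "cmdline": "notepad.exe report.txt"},
    {"ts": "2024-04-02T08:05:00Z", "host": "dc01", "event_id": 4720, "user": "helpdesk",
     "target_user": "jsmith"},
]

# Defender tampering via Set-MpPreference -Disable* or the DisableAntiSpyware registry value
DEFENDER_DISABLE = re.compile(r"set-mppreference\s+.*-disable|DisableAntiSpyware", re.I)


def _cmd(e):
    return e.get("cmdline", "")


def _image(e):
    """Lower-cased basename of the first token of the command line (assumed layout)."""
    first = (_cmd(e).split() or [""])[0]
    return first.replace("\\", "/").split("/")[-1].lower()


# Each rule: (stage name, predicate). Stage names are ours and mirror the article's
# intrusion steps; the "veeam" account prefix is an assumption that attackers pick
# names that blend in with the backup product.
RULES = [
    ("xp_cmdshell_enable", lambda e: e["event_id"] == 4688 and "xp_cmdshell" in _cmd(e).lower()),
    ("suspicious_account_create", lambda e: e["event_id"] == 4720
        and e.get("target_user", "").lower().startswith("veeam")),
    ("admin_group_add", lambda e: e["event_id"] == 4732 and e.get("group") == "Administrators"),
    ("rdp_logon", lambda e: e["event_id"] == 4624 and e.get("logon_type") == 10),
    ("defender_disable", lambda e: e["event_id"] == 4688 and bool(DEFENDER_DISABLE.search(_cmd(e)))),
    ("network_scan_tool", lambda e: e["event_id"] == 4688 and _image(e) == "netscan.exe"),
]


def hunt(events):
    """Return one hit per (event, matched stage)."""
    hits = []
    for e in events:
        for stage, pred in RULES:
            if pred(e):
                hits.append({"ts": e["ts"], "host": e["host"], "stage": stage,
                             "user": e.get("user"), "target_user": e.get("target_user")})
    return hits


def chains(hits, min_stages=2):
    """Hosts on which at least min_stages distinct stages fired (stages sorted)."""
    by_host = defaultdict(set)
    for h in hits:
        by_host[h["host"]].add(h["stage"])
    return {host: sorted(s) for host, s in by_host.items() if len(s) >= min_stages}


def pivot_accounts(events, hits):
    """Accounts created by a flagged 4720 that later show up in RDP logons elsewhere."""
    created = {h["target_user"] for h in hits if h["stage"] == "suspicious_account_create"}
    return sorted({(e["user"], e["host"]) for e in events
                   if e["event_id"] == 4624 and e.get("logon_type") == 10 and e["user"] in created})


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for host, stages in chains(found).items():
        print(host, "->", ", ".join(stages))
    print("accounts pivoting over RDP:", pivot_accounts(SAMPLE_EVENTS, found))
```

Single rules are noisy on their own (RDP logons and group changes are everyday admin work); the value is in `chains`, which only reports hosts where several stages co-occur, and in `pivot_accounts`, which links the account created on the backup server to its later use on other hosts.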