
Early backdoor implantation leveraged by Lorenz ransomware


BleepingComputer reports that the Lorenz ransomware operation exploited a critical Mitel telephony infrastructure vulnerability, tracked as CVE-2022-29499, to obtain initial access to the victim's network five months before commencing lateral movement, data theft, and system encryption. Although the victim organization later applied the Mitel patch, Lorenz had already implanted its backdoor a week before the security update was released, according to a report from global intelligence and cyber security consulting company S-RM. "They leveraged vulnerabilities within two Mitel PHP pages on a CentOS system on the network perimeter, which allowed them to retrieve a web shell from their own infrastructure and install it on the system," said S-RM. The five-month gap between initial network access and the eventual attack suggests that Lorenz may have obtained the access from an initial access broker. Lorenz "is actively returning to old backdoors, checking they still have access and using them to launch ransomware attacks," the researchers added.