Veeam Backup & Replication Vulnerability (CVE-2023-27532) Exploited by BlackCat Ransomware Affiliate(s)

Dark Lab on Apr 18 2023
On 17 April 2023, researchers observed an affiliate of the BlackCat Ransomware-as-a-Service (RaaS) group exploiting the authentication bypass vulnerability (CVE-2023-27532) in Veeam Backup & Replication.

The vulnerability allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. A proof-of-concept (PoC) has been publicly available since 23 March 2023 and showcases the ease of exploitation.

Given the active exploitation by BlackCat affiliates, we urge organisations to apply the patch as soon as possible and to consider threat hunting to identify potential intrusion attempts.

https://www.veeam.com/kb4424

https://twitter.com/0xMalWar/status/1647852441910775816