WithSecure Intelligence: FIN7 conducts attacks against Veeam backup servers
April 2023 by WithSecure™
The WithSecure Intelligence team discovered an APT exploiting a recently disclosed vulnerability over the weekend.
The attacks occurred in late March 2023 against internet-facing servers running Veeam Backup & Replication software.
WithIntel research indicates with high confidence that the intrusion set used in these attacks is consistent with activities attributed to the FIN7 activity group. It is likely that initial access and execution were achieved through a recently patched Veeam Backup & Replication vulnerability, CVE-2023-27532[1].
FIN7 is a financially motivated cybercrime group with roots dating back to the mid-2010s. The group has been involved in several high-profile, large-scale attacks over the years.
The group’s tradecraft and modus operandi have evolved over its multi-year history, as it has developed new tools and expanded its operations.