Advisory: Exploitation of CVE-2023-27532 on Veeam by Ransomware Groups

Recommendation

It has been reported that the Estate Ransomware Group and the Phobos Ransomware Group have been exploiting the CVE-2023-27532 vulnerability in Veeam Backup & Replication for initial access. This vulnerability allows encrypted credentials stored in the configuration database to be obtained, potentially leading to unauthorized access to the backup infrastructure hosts.

We strongly recommend that organizations using Veeam Backup & Replication take the following actions:

  • Immediately apply the available patch or update from Veeam to address CVE-2023-27532.
  • Review and strengthen access controls and authentication mechanisms for the Veeam Backup & Replication environment.
  • Monitor the Veeam Backup & Replication environment for any suspicious activity and implement appropriate security measures to detect and respond to potential threats.
  • Regularly review and update the backup and recovery processes to ensure the integrity and security of the backup data.
  • Educate and train IT personnel on the importance of maintaining robust security practices for the backup infrastructure.

By taking these proactive steps, organizations can mitigate the risk of exploitation and protect their critical backup data and infrastructure.
