Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month.
Researchers from cybersecurity firm WithSecure investigated two such compromises so far, dating from late March, but they believe are likely part of a larger campaign. The post-exploitation activity included setting up persistence, system and network reconnaissance, credential extraction and lateral movement.