
Tools and techniques used consistent with past FIN7 activity

FIN7, or Carbon Spider, is a cybercrime group that has been in operation since at least 2013 and has been associated with the Carbanak malware family. The post-exploitation activity included setting up persistence, system and network reconnaissance, credential extraction and lateral movement. Researchers from cybersecurity firm WithSecure have investigated two such compromises so far, dating from late March, but they believe these are likely part of a larger campaign. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month.

Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them.
