Detections
Analytics
CVE-2023-27532
high
Description
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
References
https://www.infosecurity-magazine.com/news/amazon-russian-gru-hackers-target/
https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html
https://cyberscoop.com/amazon-threat-intel-russia-attacks-energy-sector-sandworm-apt44/
https://www.theregister.com/2025/12/15/amazon_ongoing_gru_campaign/
https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html
https://cybelangel.com/blog/qilin-ransomware-tactics-attack/
https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor
https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html
https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/
https://therecord.media/veam-vulnerability-exploited-ransomware-cisa-kev
https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub
https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html
https://www.securityweek.com/year-old-veeam-vulnerability-exploited-in-fresh-ransomware-attacks/
https://blogs.blackberry.com/en/2024/07/akira-ransomware-targets-the-latam-airline-industry
https://www.group-ib.com/blog/estate-ransomware/
https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a
https://news.sophos.com/en-us/2023/12/21/akira-again-the-ransomware-that-keeps-on-taking/
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html