Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services

As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. This tactical adaptation enables the same […]

Cool blog post by my colleague @plopz0r !!!

"Getting code execution on Veeam through CVE-2023-27532"

👉 https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/

This post has been awaiting publication for a loooooong time, at Veeam's request, but now that Watchtowr released their own detailed writeup, mainly describing the RCE found by my colleague a while ago, we decided to move forward and release it.

BTW, for a reason I ignore, he was not credited by Veeam (KB4649) for this discovery. I assume it's just an oversight on their end. 👀 It's possible that it's a duplicate, but I have a hard time believing that he was not the first one to report this vulnerability given the timeline.

#cve_2024_40711 #veeam #cve #rce #windows #CVE_2023_27532

ccondon-r7's assessment of CVE-2023-27532 | AttackerKB

We've continued to see reports of exploitation for CVE-2023-27532. Almost a year out from the initial advisory, there's been ransomware (Cuba, Akira) and other…
