The Russian threat group FIN7 has been found exploiting unpatched Veeam Backup & Replication instances. FIN7, which has been operational since at least 2015, focuses primarily on financially motivated crimes involving the theft of credit card information. Early in March, CVE-2023-27532, a Veeam Backup & Replication vulnerability with a CVSS score of 7.5, was disclosed and patched.
Proof-of-concept (PoC) exploit code for the vulnerability was made available to the public about two weeks later. According to Veeam, an attacker who successfully exploited the flaw would be able to obtain encrypted credentials stored in the Veeam backup database.