Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Veeam Flaw Used to Spread Frag Ransomware

November 11, 2024
Reading Time: 2 mins read
in Alerts
Veeam Flaw Used to Spread Frag Ransomware

Hackers are exploiting a critical vulnerability in Veeam Backup & Replication software (CVE-2024-40711) to deploy a newly discovered ransomware strain named “Frag.” This vulnerability, rated 9.8 on the CVSS severity scale, enables unauthenticated remote code execution, allowing attackers to gain administrative access and execute malicious commands. Sophos X-Ops researchers recently identified the threat actors behind this campaign as STAC 5881, a group known for leveraging compromised VPN appliances to gain entry into target networks and then exploiting the Veeam vulnerability to create unauthorized administrator accounts.

STAC 5881 has previously deployed other ransomware variants, including Akira and Fog, targeting critical infrastructure. In this recent incident, Sophos researchers noted the deployment of Frag ransomware, a previously undocumented malware that appends the “.frag” extension to encrypted files. The ransomware is executed via command line and requires attackers to specify the percentage of each file to be encrypted, a tactic designed to increase the likelihood of ransom payment by limiting data recovery options. In addition to creating an unauthorized account named “point,” the attackers also created a “point2” account in this attack, highlighting their strategic use of rogue accounts for sustained access and control.

Frag ransomware shares many tactics, techniques, and procedures (TTPs) with Akira and Fog ransomware, suggesting possible links between the threat actors or the adoption of shared tools and methods. This targeted attack on Veeam Backup & Replication aligns with an ongoing trend of ransomware groups targeting backup solutions to increase the impact of their campaigns, preventing victims from easily restoring their data without paying a ransom.

Cybersecurity experts strongly recommend organizations using Veeam Backup & Replication apply the latest patches released in September 2024 to address this vulnerability. Additionally, they advise isolating backup systems from the internet, enforcing multi-factor authentication for administrative access, and implementing continuous monitoring for any suspicious activities. As attackers increasingly target backup systems, taking proactive security measures has become critical to safeguarding sensitive data against ransomware attacks.

Reference:
  • Veeam Remote Code Execution Vulnerability Used to Deploy New Frag Ransomware
Tags: AkiraCyber AlertsCyber Alerts 2024Cyber threatsFog ransomwareFragHackersNovember 2024RansomwareVeeamVulnerabilities
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial