Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Veeam Flaw Used to Spread Frag Ransomware

November 11, 2024
Reading Time: 2 mins read
in Alerts
Veeam Flaw Used to Spread Frag Ransomware

Hackers are exploiting a critical vulnerability in Veeam Backup & Replication software (CVE-2024-40711) to deploy a newly discovered ransomware strain named “Frag.” This vulnerability, rated 9.8 on the CVSS severity scale, enables unauthenticated remote code execution, allowing attackers to gain administrative access and execute malicious commands. Sophos X-Ops researchers recently identified the threat actors behind this campaign as STAC 5881, a group known for leveraging compromised VPN appliances to gain entry into target networks and then exploiting the Veeam vulnerability to create unauthorized administrator accounts.

STAC 5881 has previously deployed other ransomware variants, including Akira and Fog, targeting critical infrastructure. In this recent incident, Sophos researchers noted the deployment of Frag ransomware, a previously undocumented malware that appends the “.frag” extension to encrypted files. The ransomware is executed via command line and requires attackers to specify the percentage of each file to be encrypted, a tactic designed to increase the likelihood of ransom payment by limiting data recovery options. In addition to creating an unauthorized account named “point,” the attackers also created a “point2” account in this attack, highlighting their strategic use of rogue accounts for sustained access and control.

Frag ransomware shares many tactics, techniques, and procedures (TTPs) with Akira and Fog ransomware, suggesting possible links between the threat actors or the adoption of shared tools and methods. This targeted attack on Veeam Backup & Replication aligns with an ongoing trend of ransomware groups targeting backup solutions to increase the impact of their campaigns, preventing victims from easily restoring their data without paying a ransom.

Cybersecurity experts strongly recommend organizations using Veeam Backup & Replication apply the latest patches released in September 2024 to address this vulnerability. Additionally, they advise isolating backup systems from the internet, enforcing multi-factor authentication for administrative access, and implementing continuous monitoring for any suspicious activities. As attackers increasingly target backup systems, taking proactive security measures has become critical to safeguarding sensitive data against ransomware attacks.

Reference:
  • Veeam Remote Code Execution Vulnerability Used to Deploy New Frag Ransomware
Tags: AkiraCyber AlertsCyber Alerts 2024Cyber threatsFog ransomwareFragHackersNovember 2024RansomwareVeeamVulnerabilities
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial