Dive Brief:
- A critical infrastructure organization in the U.S. was attacked by the Cuba ransomware group via a months-old vulnerability in Veeam, according to BlackBerry research.
- The prolific ransomware group “deployed a set of malicious tools that overlapped with previous campaigns associated with this attacker, as well as introducing new ones, including the first observed use of an exploit for the Veeam vulnerability CVE-2023-27532,” BlackBerry said in a Thursday blog post.
- The vulnerability, which affects Veeam Backup & Replication software, allows an attacker to potentially access credentials stored in the configuration file on victim devices.
Dive Insight:
The Cuba ransomware group, which has no known connection to the Republic of Cuba, had compromised more than 100 organizations globally and demanded more than $145 million in ransom by late 2022, according to a joint advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency.
The threat actor also attacked an IT integrator in Latin America in June, underscoring the group’s persistent targeting of critical infrastructure organizations globally.
The financially motivated group’s most recent campaign targeted organizations in the U.S., Mexico, Guatemala, Honduras, El Salvador, the Dominican Republic, Costa Rica, Panama, Colombia, Ecuador and Chile, according to BlackBerry.
“Our investigation indicates that the Cuba threat group continues to target entities in crucial sectors such as critical infrastructure,” BlackBerry said.
The ransomware group was first discovered in late 2019 and had received $60 million in ransom payments by late 2022, according to CISA.