A known ransomware gang is exploiting a high-severity vulnerability in enterprise backup solutions to deploy malware to its targets and steal login credentials.
This is according to a new report from BlackBerry’s Threat Research and Intelligence team, which claims that the hacking campaign started in early June this year. The organization behind it, known as Cuba, has been alleged by some cybersecurity experts to have ties to the Russian government.
Apparently, Cuba excludes endpoints with the Russian keyboard layout from its attacks and has a number of Russian 404 pages on its infrastructure. Furthermore, it almost exclusively targets organizations in the Western world, leading researchers to conclude that the attackers are likely state-aligned.