Threat Awareness – Ransomware Group Returns to Leverage Backdoor Implanted Prior to Patch

Bleeping Computer has written an article discussing recently discovered activity by the Lorenz ransomware gang in relation to a Mitel MiVoice vulnerability (CVE-2022-29499) publicized in 2022 and included on CISA’s Known Exploited Vulnerabilities Catalog in June. While Mitel released a patch for the vulnerability in a timely manner, researchers from S-RM determined that the Lorenz group was already exploring and exploiting vulnerable networks at least a week ahead of the patch release. The threat actors leveraged the exploit to plant backdoors to presumably be used at a later date, which is how researchers first discovered the activity while responding to a client suffering from a ransomware infection. This approach is reminiscent of the Microsoft Exchange vulnerabilities from March 2021 that were leveraged to install the China Chopper backdoor and also demonstrates the importance for organizations to check for intrusions on their network before (and after) applying major patches. Read more at Bleeping Computer here.