ALPHV ransomware leverages Veritas Backup Exec vulnerabilities for entry

Source: BleepingComputer
TL;DR Summary

The ALPHV ransomware affiliate, UNC4466, has been observed exploiting three vulnerabilities in Veritas Backup Exec to gain initial access to target networks. The flaws, which were disclosed in March 2021, allow for arbitrary file access, remote unauthorized access, and arbitrary command execution. Although a fix was released over two years ago, many endpoints remain vulnerable. UNC4466 uses publicly available tools like Metasploit and SOCKS5 tunneling to communicate with the command-and-control server and evade detection. Mandiant provides guidance for defenders to detect and mitigate these attacks.
