Latin American airline

In June 2024, a Latin American airline was hit by a targeted attack using the Akira ransomware. Attackers gained initial access through SSH exploitation of a vulnerability in Veeam Backup & Replication, identified as CVE-2023-27532. Within 133 minutes, the attackers escalated their privileges, exfiltrated sensitive documents, images, and spreadsheets containing confidential data, and laid the groundwork for ransomware deployment. The attack disrupted the airline's operations and led to the encryption of its systems, resulting in the potential loss of crucial data and substantial operational disruption.

Source: https://securityaffairs.com/165753/malware/ransomware-groups-target-veeam-backup-replication-bug.html

TPRM report: https://scoringcyber.rankiteo.com/company/alta---latin-american-&-caribbean-air-transport-association

"id": "alt000071624",
"linkid": "alta---latin-american-&-caribbean-air-transport-association",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Aviation',
                        'location': 'Latin America',
                        'name': 'Latin American Airline',
                        'type': 'Airline'}],
 'attack_vector': 'SSH Exploitation',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': 'documents, images, and spreadsheets',
                 'type_of_data_compromised': 'Sensitive documents, images, and '
                                             'spreadsheets containing '
                                             'confidential data'},
 'date_detected': 'June 2024',
 'description': 'In June 2024, a Latin American airline fell victim to a '
                'targeted cyber attack orchestrated using the Akira '
                'ransomware. Attackers gained initial access through SSH '
                'exploitation of a vulnerability in Veeam Backup & '
                'Replication, identified as CVE-2023-27532. Within a brief '
                'span of 133 minutes, the attackers escalated their '
                'privileges, exfiltrated sensitive documents, images, and '
                'spreadsheets containing confidential data, and laid the '
                'groundwork for ransomware deployment. The attack disrupted '
                "the airline's operations and led to the encryption of their "
                'systems with ransomware, resulting in the potential loss of '
                'crucial data and substantial operational disruption.',
 'impact': {'data_compromised': 'Sensitive documents, images, and spreadsheets '
                                'containing confidential data',
            'operational_impact': 'Substantial operational disruption',
            'systems_affected': "Airline's systems"},
 'initial_access_broker': {'entry_point': 'SSH exploitation of Veeam Backup & '
                                          'Replication vulnerability'},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'Akira'},
 'title': 'Akira Ransomware Attack on Latin American Airline',
 'type': 'Ransomware Attack',
 'vulnerability_exploited': 'CVE-2023-27532'}