"Lorenz Ransomware Gang Plants Backdoors to Use Months Later"

Security experts warn that patching critical flaws that enable network access is not sufficient protection against ransomware attacks. Some ransomware gangs use critical vulnerabilities to plant a backdoor while the window of opportunity is still open, and they may return long after the victim has applied the security updates. For example, a Lorenz ransomware attack was carried out months after the hackers behind it gained access to the victim's network by exploiting a critical vulnerability in a telephony system. During an incident response engagement for a Lorenz ransomware attack, researchers from the global intelligence and cybersecurity consulting firm S-RM determined that the hackers had infiltrated the target network five months before moving laterally, stealing data, and encrypting computers. S-RM found that the initial breach was caused by the exploitation of CVE-2022-29499, a critical vulnerability in the Mitel telephony infrastructure that permits remote code execution (RCE). This article continues to discuss the Lorenz ransomware gang planting backdoors before security updates are applied and attacking months later.

Bleeping Computer reports "Lorenz Ransomware Gang Plants Backdoors to Use Months Later"
