Hundreds of R1Soft Servers Compromised Through CVE-2022-36537

February 22, 2023

Hundreds of R1Soft servers have been compromised through exploitation of a vulnerability tracked as CVE-2022-36537, according to cybersecurity company Fox-IT. The vulnerability was discovered last year in ConnectWise’s R1Soft Server Backup Manager software and patched in May 2022.

"With the help of fingerprinting, we have identified multiple compromised hosting providers globally," said Fox-IT in a blog post on Wednesday. Fox-IT identified 286 backdoored servers in late January, mainly in the United States and South Korea, and the number dropped to 146 backdoored servers by February 20. The attackers exfiltrated files from compromised systems, including VPN configuration files, IT admin information, and sensitive documents.

Fox-IT has released indicators of compromise (IoCs) that can help organizations determine whether their systems have been hacked through exploitation of CVE-2022-36537. Organizations are urged to patch their installations as soon as possible to prevent exploitation of the vulnerability.

Latest News

• CISA Warns of Exploited Mitel MiVoice Connect Vulnerabilities
• VMware Issues Critical Fix for Vulnerability
• Exploiting Windows Backup and Restore Service Vulnerability
• Apple Updates Security Advisories to Add New iOS and macOS Vulnerabilities
• Critical Vulnerability in FortiNAC Exploited