Hundreds of R1Soft Servers Compromised Through CVE-2022-36537
February 22, 2023
Hundreds of R1Soft servers have been compromised through exploitation of a vulnerability tracked as CVE-2022-36537, according to cybersecurity company Fox-IT. The vulnerability was discovered last year in ConnectWise’s R1Soft Server Backup Manager software and patched in May 2022.
"With the help of fingerprinting, we have identified multiple compromised hosting providers globally," said Fox-IT in a blog post on Wednesday. Fox-IT identified 286 backdoored servers in late January, mainly in the United States and South Korea, and the number dropped to 146 backdoored servers by February 20. The attackers exfiltrated files from compromised systems, including VPN configuration files, IT admin information, and sensitive documents.
Fox-IT has released indicators of compromise (IoCs) that can help organizations determine whether their systems have been hacked through exploitation of CVE-2022-36537. Organizations are urged to patch their installations as soon as possible to prevent exploitation of the vulnerability.