SmarterTools Hit by Ransomware via Vulnerability in Its Own Product
Briefly

"IT management software company SmarterTools fell victim to a ransomware attack through an unpatched instance of its SmarterMail email server. The incident occurred on January 29 and impacted the company's office network and a data center hosting quality control testing systems, SmarterTools' portal, and its Hosted SmarterTrack network. The company's website, shopping cart, My Account portal, and other services were not affected, as they were hosted on a different network."
"'When we first noticed the breach, we instantly shut off all servers at the two locations and we disabled all internet until we completely evaluated all aspects of the breach and either eliminated servers and/or restored servers to be safe,' Curtis explained. Because the hackers only targeted Windows systems, SmarterTools eliminated as many as it could and removed Active Directory services from its environment, while resetting passwords across the network."
An unpatched SmarterMail VM was the entry point for a ransomware attack on January 29 that affected SmarterTools' office network and a data center hosting quality control testing, the SmarterTools portal, and Hosted SmarterTrack. Services on a separate network, such as the website, shopping cart, and My Account portal, were not impacted. The attackers moved laterally and compromised 12 Windows servers. Response actions included shutting down servers, disabling internet access, removing Windows systems and Active Directory, and resetting passwords. The attack is attributed to the Warlock group and likely exploited CVE-2026-24423; some customers were also compromised.
Read at SecurityWeek