Incident Response | Mar 30, 2026
RDP bitmap cache artifacts exposed threat actor accessing Veeam Backup & Replication console and deleting backups.
Summary
Forensic analysis of RDP bitmap cache artifacts revealed a threat actor's interactive session accessing the Veeam Backup & Replication console, reviewing backup jobs, tape and storage infrastructure, and removing backups from the configuration database. This forensic evidence provides detailed insight into attacker tactics for disabling backup defenses post-compromise, a critical technique in ransomware attacks.
Indicators of Compromise
- malware — Veeam Backup & Replication console compromise