Home Security Lace Tempest Hackers Behind Energetic Exploitation of MOVEit Switch App

Lace Tempest Hackers Behind Energetic Exploitation of MOVEit Switch App

by crpt os


Jun 05, 2023Ravie LakshmananZero Day / Cyber Attack

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest.

“Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,” the Microsoft Threat Intelligence team said in a series of tweets today. “CVE-2023-34362 allows attackers to authenticate as any user.”

Lace Tempest, also called Storm-0950, is a ransomware affiliate that overlaps with other groups such as FIN11, TA505, and Evil Corp. It’s also known to operate the Cl0p extortion site.

Cybersecurity

The threat actor also has a track record of exploiting different zero-day flaws to siphon data and extort victims, with the group recently observed weaponizing a severe bug in PaperCut servers.

CVE-2023-34362 relates to an SQL injection vulnerability in MOVEit Transfer that enables unauthenticated, remote attackers to gain access to the database and execute arbitrary code.

There are believed to be at least over 3,000 exposed hosts utilizing the MOVEit Transfer service, according to data from attack surface management company Censys.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

Google-owned Mandiant, which is tracking the activity under the moniker UNC4857 and has labeled the web shell LEMURLOOT, said it identified broad tactical connections with FIN11.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), last week, added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, recommending federal agencies to apply vendor-provided patches by June 23, 2023.

The development follows the similar zero-day mass exploitation of Accellion FTA servers in December 2020 and GoAnywhere MFT in January 2023, making it imperative that users apply the patches as soon as possible to secure against potential risks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex