Wednesday, April 30, 2025
Copyright 2021 - All Right Reserved
Home News MOVEit Extortion Attacks Attributed to Clop Ransomware
News

MOVEit Extortion Attacks Attributed to Clop Ransomware

by Khaleej Express
written by Khaleej Express 0 comment

Microsoft has formally tied the ongoing active exploitation of a critical vulnerability in the Progress Software MOVEit Transfer application to a threat actor known as Lace Tempest, which also goes by the name Clop ransomware gang. The Microsoft Threat Intelligence team conveyed through a series of tweets that the exploitation of the flaw is frequently accompanied by the deployment of a web shell equipped with data exfiltration capabilities. The vulnerability identified as CVE-2023-34362 allows attackers to authenticate as any user.
Lace Tempest, also referred to as Storm-0950, operates as a ransomware affiliate and shares similarities with other groups like FIN11, TA505, and Evil Corp. They are also associated with the Cl0p extortion site. This threat actor has a history of exploiting various zero-day vulnerabilities to steal data and extort victims, and most recently, they have been observed leveraging a severe bug in PaperCut servers.
CVE-2023-34362 is an SQL injection vulnerability in MOVEit Transfer, which enables remote, unauthenticated attackers to gain access to the application database and execute arbitrary code. According to data from attack surface management company Censys, it is estimated that over 3,000 exposed hosts are utilizing the MOVEit Transfer service. Mandiant, a subsidiary of Google, has been tracking the activity under the codename UNC4857 and has identified significant tactical connections with FIN11. They have labeled the web shell associated with the threat as LEMURLOOT.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, advising federal agencies to apply patches provided by the vendor before June 23, 2023. This development follows similar instances of zero-day mass exploitation targeting Accellion FTA servers in December 2020 and GoAnywhere MFT in January 2023. It is crucial for users to promptly apply the patches to mitigate potential risks and ensure security.

TagsClop Ransomware Extortion Attacks MOVEit Edit Post

You Might Also Like

You may also like

Sourcetable Raises $4.3M for AI-Powered ‘Self-Driving Spreadsheet’

Foxconn Chairman Young Liu to Deliver Keynote at COMPUTEX 2025

GlobalData Finds Companies Across Sectors Posting Jobs Around Vertex AI

UiPath Launches Test Cloud

The National Program for Coders Announces the 2025 winners of InnovAIte

MediaTek CEO Rick Tsai to Deliver Keynote at COMPUTEX 2025

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

Soledad is the Best Newspaper and Magazine WordPress Theme with tons of options and demos ready to import. This theme is perfect for blogs and excellent for online stores, news, magazine or review sites.

Buy Soledad now!

Facebook Twitter Youtube Linkedin Envelope Rss

Useful Links

Edtior's Picks

Sourcetable Raises $4.3M for AI-Powered ‘Self-Driving Spreadsheet’
Foxconn Chairman Young Liu to Deliver Keynote at COMPUTEX 2025
The National Program for Coders Announces the 2025 winners of InnovAIte

Latest Articles

Sourcetable Raises $4.3M for AI-Powered ‘Self-Driving Spreadsheet’
Foxconn Chairman Young Liu to Deliver Keynote at COMPUTEX 2025
The National Program for Coders Announces the 2025 winners of InnovAIte
UiPath Launches Test Cloud

u00a92022u00a0Soledad.u00a0All Right Reserved. Designed and Developed byu00a0Penci Design.

@2021 - All Right Reserved. Designed and Developed by PenciDesign