Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Microsoft confirmed Clop ransomware gang responsible for MOVEit data-theft attacks
2 min. read
Published onJune 5, 2023
published onJune 5, 2023
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
In a recent revelation, it has come to light that hackers are taking advantage of a newly discovered vulnerability in MOVEit Transfer, a widely used file-transfer tool employed by enterprises for sharing large files online. Microsoft, in its investigation, has identified the Clop ransomware gang as the culprit behind the recent attacks that exploit a zero-day vulnerability in the MOVEit Transfer platform. Their objective has been to steal data from various organizations.
This vulnerability has enabled unauthorized access to the databases of affected MOVEit servers. Progress Software, the developer of MOVEit software, has already taken steps to address this issue by releasing several patches.
According to a tweet by the Microsoft Threat Intelligence team on Sunday night, the attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability have been attributed to Lace Tempest, a threat actor known for ransomware operations and operating the Clop extortion site.
Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims.pic.twitter.com/q73WtGru7j
— Microsoft Threat Intelligence (@MsftSecIntel)June 5, 2023
MOVEit Transfer is a managed file transfer (MFT) solution that enables secure file transfers between enterprises, business partners, and customers through protocols like SFTP, SCP, and HTTP-based uploads.
The attacks, which are believed to have commenced on May 27th during the extended US Memorial Day holiday, have resulted in the theft of valuable data from numerous organizations.
To execute their malicious activities, the threat actors exploited the zero-day vulnerability in MOVEit Transfer to deploy specially crafted webshells on servers. These webshells allowed the hackers to obtain a list of files stored on the server, download files, and steal credentials and secrets associated with configured Azure Blob Storage containers.
The Clop ransomware operation has a history of targeting managed file transfer software, previously exploiting a GoAnywhere MFT zero-day in January 2023 and conducting zero-day attacks on Accellion FTA servers in 2020.
Authorities and affected organizations are actively working to mitigate the impact of these attacks and prevent further exploitation of the vulnerability. It is crucial for enterprises utilizing MOVEit Transfer to promptly apply the released patches and ensure the security of their systems to safeguard their valuable data.
Via:Bleeping Computer
Radu Tyrsina
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).
For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.
Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Radu Tyrsina
