Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest.
"Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.
The threat actor also has a track record of exploiting different zero-day flaws to siphon data and extort victims, with the group recently observed weaponizing a severe bug in PaperCut servers.
CVE-2023-34362 is an SQL injection vulnerability in MOVEit Transfer that enables unauthenticated, remote attackers to gain access to the application's database and execute arbitrary code.
At least 3,000 exposed hosts are believed to be running the MOVEit Transfer service, according to data from attack surface management company Censys.
Last week, the U.S. Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities catalog, recommending that federal agencies apply the vendor-provided patches by June 23, 2023.
News URL
https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks
- Microsoft dangles $10K for hackers to hijack LLM email service
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS)
---|---|---|---|---
2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress MOVEit Cloud and MOVEit Transfer | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8