Security News > 2023 > June > Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
2023-06-05 12:03

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest.

"Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.

The threat actor also has a track record of exploiting different zero-day flaws to siphon data and extort victims, with the group recently observed weaponizing a severe bug in PaperCut servers.

CVE-2023-34362 relates to an SQL injection vulnerability in MOVEit Transfer that enables unauthenticated, remote attackers to gain access to the database and execute arbitrary code.

There are believed to be at least over 3,000 exposed hosts utilizing the MOVEit Transfer service, according to data from attack surface management company Censys.

The U.S. Cybersecurity and Infrastructure Security Agency, last week, added the flaw to its Known Exploited Vulnerabilities catalog, recommending federal agencies to apply vendor-provided patches by June 23, 2023.


News URL

https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-34362 SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database.
network
low complexity
progress CWE-89
critical
 9.8
9.8