Microsoft and SysAid Find Clop Malware Vulnerability

SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.
The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."
After discovering the potential vulnerability on Nov. 2, SysAid called in Israel-based rapid incident response company Profero, which discovered the details of the vulnerability.
SysAid provided a list of indicators of compromise and steps to take in its blog post about this vulnerability.
The Clop ransomware, which attackers delivered to SysAid on-prem software through the path traversal vulnerability, first appeared in 2019.
Clop malware is associated with a Russian-aligned threat actor group known by the same name, which Microsoft says has "overlaps" with Lace Tempest.
News URL
https://www.techrepublic.com/article/sysaid-clop-malware-vulnerability-exploitation/