Security News > 2023 > November > Microsoft and SysAid Find Clop Malware Vulnerability

SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.
The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."
After discovering the potential vulnerability on Nov. 2, SysAid called in Israel-based rapid incident response company Profero, which discovered the details of the vulnerability.
SysAid provided a list of indicators of compromise and steps to take in its blog post about this vulnerability.
The Clop ransomware, which attackers delivered to SysAid on-prem software through the path traversal vulnerability, first appeared in 2019.
Clop malware is associated with a Russian-aligned threat actor group known by the same name, which Microsoft says has "overlaps" with Lace Tempest.
News URL
https://www.techrepublic.com/article/sysaid-clop-malware-vulnerability-exploitation/