Microsoft and SysAid Find Clop Malware Vulnerability
SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.
The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."
After discovering the potential vulnerability on Nov. 2, SysAid called in Israel-based rapid incident response company Profero, which discovered the details of the vulnerability.
SysAid provided a list of indicators of compromise and steps to take in its blog post about this vulnerability.
Clop ransomware, which attackers delivered to SysAid on-prem software through the path traversal vulnerability, first appeared in 2019.
Clop malware is associated with a Russian-aligned threat actor group known by the same name, which Microsoft says has "overlaps" with Lace Tempest.
News URL
https://www.techrepublic.com/article/sysaid-clop-malware-vulnerability-exploitation/