
Microsoft and SysAid Find Clop Malware Vulnerability
2023-11-10 20:18

SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.

The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."

After discovering the potential vulnerability on Nov. 2, SysAid called in Israel-based rapid incident response company Profero, which discovered the details of the vulnerability.

SysAid provided a list of indicators of compromise and steps to take in its blog post about this vulnerability.

The Clop ransomware, which attackers delivered to SysAid on-prem software through the path traversal vulnerability, first appeared in 2019.

Clop malware is associated with a Russian-aligned threat actor group known by the same name, which Microsoft says has "overlaps" with Lace Tempest.


News URL

https://www.techrepublic.com/article/sysaid-clop-malware-vulnerability-exploitation/

Related vendor

| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Microsoft | 708 | 787 | 4603 | 4657 | 3640 | 13687 |
| SysAid | 7 | 0 | 22 | 5 | 6 | 33 |