June 5, 2023Ravi LakshmananZero-day/cyberattack

Microsoft has formally linked ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application with the threat actors it tracks. lace tempest.

“Web shells with data extraction capabilities are often deployed after exploits,” said the Microsoft Threat Intelligence team. Said In today’s series of tweets. “CVE-2023-34362 allows attackers to authenticate as arbitrary users.”

Race Tempest, also known as Storm-0950, is a ransomware affiliate that overlaps with other groups such as FIN11, TA505, and Evil Corp. Also known for running the Cl0p extortion site.

cyber security

The actor also has a track record of exploiting various zero-day flaws to siphon data and extort victims, and recently the group was observed weaponizing critical bugs in the PaperCut servers.

CVE-2023-34362 is related to a SQL injection vulnerability in MOVEit Transfer that allows unauthenticated, remote attackers to access databases and execute arbitrary code.

According to data from attack surface management company Censys, there are believed to be at least 3,000 public hosts using the MOVEit Transfer service.

upcoming webinars

🔐 Mastering API Security: Understanding Your True Attack Surface

Uncover untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join us for an insightful webinar!

join the session

Google-owned Mandiant, which tracks this activity under the name UNC4857 and labels the webshell LEMURLOOT, said it had identified extensive tactical ties to FIN11.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog last week, with federal agencies applying a vendor-supplied patch by June 23, 2023. recommended to do so.

This development follows similar zero-day mass exploits against Accellion FTA Server in December 2020 and GoAnywhere MFT in January 2023, and users should patch them as soon as possible to protect against potential risks. has become essential.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog