Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App

06-06-2023

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest.

“Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,” the Microsoft Threat Intelligence team said in a series of tweets today. “CVE-2023-34362 allows attackers to authenticate as any user.”

The threat actor also has a track record of exploiting different zero-day flaws to siphon data and extort victims, with the group recently observed weaponizing a severe bug in PaperCut servers.

CVE-2023-34362 relates to an SQL injection vulnerability in MOVEit Transfer that enables unauthenticated, remote attackers to gain access to the application database and execute arbitrary code.

Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, recommending that federal agencies apply vendor-provided patches by June 23, 2023.

The development follows the similar zero-day mass exploitation of Accellion FTA servers in December 2020 and GoAnywhere MFT in January 2023, making it imperative that users apply the patches as soon as possible to secure against potential risks.

 

Source: https://thehackernews.com/