Microsoft: MOVEit hackers are exploiting a zero-day flaw in IT support tool SysAid in “limited” attacks to access corporate servers and deploy Clop ransomware
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access …
BleepingComputer · Bill Toulas
Related Coverage
- SysAid On-Prem Vulnerability Disclosure Profero
- CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest Rapid7 · Caitlin Condon
- SysAid warns customers to patch after ransomware gang caught exploiting new zero-day flaw TechCrunch · Carly Page
- SysAid zero-day exploited by Clop ransomware group Security Affairs · Pierluigi Paganini
- SysAid tells customers to patch immediately after Microsoft flags ransomware campaign exploiting new zero-day flaw TechRadar
- Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability The Hacker News
- Critical Vulnerability: SysAid CVE-2023-47246 Huntress
- SysAid Releases Patch for Zero-Day Vulnerability Exploited by Clop Ransomware WinBuzzer · Luke Jones
- Clop ransomware gang targets zero-day vulnerability in SysAid support software cybersecurityconnect.com.au · David Hollingworth
- MOVEit Gang Targets SysAid Customers With Zero-Day Attacks Infosecurity · Phil Muncaster
- Microsoft warns SysAid vulnerability is being used to deploy Clop ransomware SiliconANGLE · Duncan Riley
- MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks Dark Reading · Becky Bracken
- MOVEit Hackers Turn to SysAid Zero-Day Bug HealthcareInfoSecurity.com · Mihir Bagwe
- Hacker Group Behind MOVEit Now Targeting ITSM Platform, Microsoft Says CRN · Kyle Alspach
- MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts The Register · Connor Jones
- MOVEit hackers Cl0p exploit SysAid zero-day - Microsoft Cybernews.com · Vilius Petkauskas
- Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says The Record · Jonathan Greig
- SysAid Zero-Day Vulnerability Exploited by Ransomware Group SecurityWeek · Eduard Kovacs
- Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched. — Link: https://twitter.com/... … @simontsui@infosec.exchange · Simon
Discussion
- @msftsecintel on X: Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched.
- @msftsecintel on X: After exploiting the vulnerability, Lace Tempest issued commands via the SysAid software to deliver a malware loader for the Gracewire malware. This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment.
- @msftsecintel on X: Lace Tempest (which overlaps with threat actors tracked by other researchers as FIN11 and TA505) similarly exploited a 0-day vulnerability in MOVEit Transfer in June: https://twitter.com/...
- Lindsey O'Donnell Welch (@lindseyod123) on X: In the attacks that Microsoft and SysAid have seen, the attackers exploited the vulnerability to upload a webshell and other files to the target system. https://duo.com/...
- Caitlin Condon (@catc0n) on X: A small bit of potentially good news on the new SysAid 0day (CVE-2023-47246) — it looks like there are only a few hundred servers exposed to the internet. https://www.rapid7.com/...
- @zoomeye_team on X: 🚨🚨 A 0day vulnerability exploited by SysAid On-Prem Software in the wild was discovered by the Microsoft Threat Intelligence Team @sysaid CVE-2023-47246 #ZoomEyeDork app:"SysAid On-Prem Software" About 860 results, mainly distributed in Italy, the United States and other...
- Jon Greig (@jgreigj) on X: Clop is back, now exploiting a new zero-day in SysAid IT support software. A patch has been released for CVE-2023-47246 @TheRecord_Media #SysAid #MoveIt #Clop https://therecord.media/...