Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Lace Tempest Exploits SysAid IT Support Software Vulnerability

    justmattgBy justmattgNovember 9, 2023No Comments3 Mins Read

    [ad_1]

    Nov 09, 2023NewsroomVulnerability / Zero Day

    SysAid IT Support Software Vulnerability

    The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft.

    Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers.

    The issue, tracked as CVE-2023-47246, concerns a path traversal flaw that could result in code execution within on-premise installations. It has been patched by SysAid in version 23.3.36 of the software.

    “After exploiting the vulnerability, Lace Tempest issued commands via the SysAid software to deliver a malware loader for the Gracewire malware,” Microsoft said.

    Cybersecurity

    “This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment.”

    According to SysAid, the threat actor has been observed uploading a WAR archive containing a web shell and other payloads into the webroot of the SysAid Tomcat web service.

    The web shell, besides providing the threat actor with backdoor access to the compromised host, is used to deliver a PowerShell script that’s designed to execute a loader that, in turn, loads Gracewire.

    Also deployed by the attackers is a second PowerShell script that’s used to erase evidence of the exploitation after the malicious payloads had been deployed.

    Furthermore, the attack chains are characterized by the use of the MeshCentral Agent as well as PowerShell to download and run Cobalt Strike, a legitimate post-exploitation framework.

    Organizations that use SysAid are highly recommended to apply the patches as soon as possible to thwart potential ransomware attacks as well as scan their environments for signs of exploitation prior to patching.

    Cybersecurity

    The development comes as the U.S. Federal Bureau of Investigation (FBI) warned that ransomware attackers are targeting third-party vendors and legitimate system tools to compromise businesses.

    “As of June 2023, the Silent Ransom Group (SRG), also called Luna Moth, conducted callback phishing data theft and extortion attacks by sending victims a phone number in a phishing attempt, usually relating to pending charges on the victims’ account,” FBI said.

    Should a victim fall for the ruse and call the provided phone number, the malicious actors directed them to install a legitimate system management tool via a link provided in a follow-up email.”

    The attackers then used the management tool to install other authentic software that can be repurposed for malicious activity, the agency noted, adding the actors compromised local files and network shared drives, exfiltrated victim data, and extorted the companies.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleSandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes
    Next Article A Chatbot for Hot Ones
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑