#Stop Ransomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

#Stop Ransomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

DOWNLOAD PDF

SUMMARY
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023.

According to open source information, beginning on May 27, 2023, CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases. In similar spates of activity, TA505 conducted zero-day-exploit-driven campaigns against Accellion File Transfer Appliance (FTA) devices in 2020 and 2021, and Fortra/Linoma GoAnywhere MFT servers in early 2023.

FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of CL0P ransomware and other ransomware incidents.

Actions to take today to mitigate cyber threats from CL0P ransomware:
– Take an inventory of assets and data, identifying authorized and unauthorized devices and software.
– Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications.
– Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices such as firewalls and routers.
– Regularly patch and update software and applications to their latest versions, and conduct regular vulnerability assessments.

— SEE PDF FOR FULL INFORMATION —

CONTACT US