MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)


The zero-day vulnerability that attackers have exploited to compromise vulnerable installations of Progress Software’s MOVEit Transfer finally has an identification number: CVE-2023-34362.

Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many exposed organizations as possible, including US government agencies and banks.

Microsoft is attributing the initial attacks to the Cl0p ransomware group (aka FIN11, or Lace Tempest under Microsoft's new threat actor taxonomy).

Mandiant has also noted similarities between the tactics, techniques, and procedures (TTPs) used by these attackers and those associated with FIN11: the exploitation of zero-day vulnerabilities to target file transfer systems and the use of tailored web shells for data theft.
