CVE-2023-34362

Vulnerability updated 3 months ago (2024-08-14T09:31:19.546Z)
CVE-2023-34362 is a critical vulnerability in MOVEit Transfer, Progress Software's managed file transfer (MFT) solution. The flaw is a SQL injection vulnerability that allowed for escalated privileges and unauthorized access. It was first exploited on May 27, 2023, by the CL0P Ransomware Gang, also known as TA505 or Lace Tempest. The group is notorious for large-scale hacks using ransomware, and this time it leveraged the zero-day vulnerability in MOVEit to launch its campaign.

The exploitation of CVE-2023-34362 had a significant impact, affecting more than 2,600 organizations globally. A considerable 61% of third-party breaches were attributed to this vulnerability, including victims who did not directly use MOVEit but whose data was exposed through a service provider. By December 1, 2023, the number of victims affected by the MOVEit vulnerability had reached 2,098, according to intelligence sources.

The MOVEit vulnerability was one of several significant vulnerabilities exploited during Q2 and Q3 of 2023, alongside others found in PaperCut and Citrix products. The threat actor behind these attacks, believed to be an affiliate of the Clop ransomware gang, has previously been linked to large-scale hacking campaigns. The exploitation of CVE-2023-34362 demonstrates the serious risks posed by software vulnerabilities and underscores the importance of prompt patching and robust cybersecurity measures.
Description last updated: 2024-08-14T08:59:36.056Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Clop is a possible alias for CVE-2023-34362. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | 13 |
| TA505 is a possible alias for CVE-2023-34362. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec | 4 |
| Lace Tempest is a possible alias for CVE-2023-34362. Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Moveit
Vulnerability
Ransomware
Exploit
Zero Day
exploited
Mft
flaw
Exploits
exploitation
Poc
Associated Malware
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Lemurloot Malware is associated with CVE-2023-34362. LemurLoot is a malicious software, or malware, specifically a web shell written in C# that targets the MOVEit Transfer platform. It was developed and deployed by the CL0P ransomware group to exploit vulnerabilities in systems and steal data. In May 2023, the group exploited a SQL injection zero-day | Unspecified | 3 |
Associated Threat Actors
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The cl0p Threat Actor is associated with CVE-2023-34362. Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at | Unspecified | 5 |
| The Clop Ransomware Group Threat Actor is associated with CVE-2023-34362. The Clop ransomware group, a malicious threat actor in the cybersecurity landscape, has been actively exploiting vulnerabilities in software to execute their attacks. The group is known for its harmful activities that involve the execution of actions with malicious intent. They could be individuals, | Unspecified | 4 |
| The fin11 Threat Actor is associated with CVE-2023-34362. FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste | is related to | 2 |
| The Clop Gang Threat Actor is associated with CVE-2023-34362. The Clop Gang, a cyber threat actor known for its malicious activities, has posed significant challenges to cybersecurity in various sectors. The group is notorious for executing actions with harmful intent and has been particularly active in recent years. As part of their operations, they can range | Unspecified | 2 |
Associated Vulnerabilities
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Moveit Transfer Vulnerability Vulnerability is associated with CVE-2023-34362. The MOVEit Transfer vulnerability, officially designated as CVE-2023-34362, is a flaw in software design or implementation that has been exploited by the Cl0p ransomware group. Despite initial concerns, there's no evidence that the Cl0p ransomware was deployed when this vulnerability was recently ex | is related to | 5 |
| The CVE-2023-0669 Vulnerability is associated with CVE-2023-34362. CVE-2023-0669 is a serious software vulnerability that was identified in Fortra's GoAnywhere Managed File Transfer (MFT) secure file transfer tool. This flaw, which allowed for remote code execution, was exploited by the Clop ransomware group as a zero-day vulnerability. The group launched a major c | Unspecified | 2 |
| The CVE-2023-35036 Vulnerability is associated with CVE-2023-34362. CVE-2023-35036 is a significant vulnerability identified in the MOVEit Transfer software, part of the Progress Software suite. This flaw was first reported on June 16, 2023, following the discovery and exploitation of CVE-2023-34362 by a Clop ransomware affiliate. The CVE-2023-35036 vulnerability pr | Unspecified | 2 |
Source Document References
Information about the CVE-2023-34362 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At |
| --- | --- |
| DARKReading | 6 days ago |
| CISA | 6 days ago |
| BankInfoSecurity | 2 months ago |
| Yori | 2 months ago |
| Yori | 2 months ago |
| BankInfoSecurity | 3 months ago |
| InfoSecurity-magazine | 3 months ago |
| DARKReading | 4 months ago |
| CISA | 4 months ago |
| DARKReading | 5 months ago |
| DARKReading | 7 months ago |
| InfoSecurity-magazine | 7 months ago |
| Unit42 | 7 months ago |
| CERT-EU | 8 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| InfoSecurity-magazine | 9 months ago |
| Unit42 | 10 months ago |