Anomali Cyber Watch: LEMURLOOT on Exploited MOVEit Transfers, Zero-Click iOS Exploit Targeted Kaspersky, Qakbot Turns Bots into Proxies


The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Adware, Botnets, Data leak, Obfuscation, Phishing, Zero-day vulnerabilities, and Zero-click exploits. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.




Trending Cyber News and Threat Intelligence



Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft



(published: June 2, 2023)



A zero-day vulnerability in the MOVEit Transfer managed file transfer software (CVE-2023-34362) was disclosed by Progress Software Corporation on May 31, 2023. Mandiant researchers observed widespread exploitation that had already begun on May 27, 2023. This opportunistic campaign affected organizations in Canada, Germany, India, Italy, Pakistan, the US, and other countries. The attackers deployed the custom LEMURLOOT web shell, which masquerades as a legitimate MOVEit Transfer component, to exfiltrate data that users had previously uploaded to the compromised MOVEit Transfer systems. This activity is tracked as UNC4857 and has a low-confidence similarity to FIN11-attributed data theft extortion via the CL0P ransomware data leak site.

Analyst Comment: The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-34362 to its Known Exploited Vulnerabilities catalog, ordering US federal agencies to patch their systems by June 23, 2023. Network defenders should follow the Progress Software Corporation remediation steps, which include hardening, detection, clean-up, and installing the latest MOVEit Transfer security patches. YARA rules and host-based indicators associated with the LEMURLOOT web shell are available in the Anomali platform for ..
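The detection step in the remediation advice above comes down to one question on each MOVEit Transfer host: is there a server-side script in the web root that was not part of the known-good install? The following Python script is an added illustration of that baseline-diff check; it is not code from Anomali, Mandiant or Progress, and it does not reproduce the LEMURLOOT file names or YARA rules the article refers to. The web root layout, file names and contents are constructed for the example, and the set of "executable on the server" extensions assumes an ASP.NET host.

```python
"""Baseline-diff check for unexpected server-side scripts in a web root.

Added illustration, not code from Anomali, Mandiant or Progress. The LEMURLOOT
file names and YARA rules referenced in the article are not reproduced here;
the web root layout and file contents below are constructed for the example.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions the web server executes server-side; a new file with one of these
# in the web root is the classic web shell drop. (Assumption: ASP.NET host.)
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asax", ".dll"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large uploads do not get read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in root.rglob("*")
        if p.is_file()
    }


def scan_webroot(root: Path, baseline: dict) -> list:
    """Compare the live web root against a known-good manifest.

    Returns (relative_path, status) tuples with status 'added', 'modified' or
    'removed'. Added or modified files with a server-side script extension are
    sorted first: those are the ones an attacker drops to get code execution
    on the file-transfer host.
    """
    current = build_manifest(root)
    findings = []
    for rel, digest in current.items():
        if rel not in baseline:
            findings.append((rel, "added"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified"))
    for rel in baseline:
        if rel not in current:
            findings.append((rel, "removed"))

    def priority(item):
        rel, status = item
        is_script = Path(rel).suffix.lower() in SCRIPT_EXTENSIONS
        return (0 if (is_script and status != "removed") else 1, rel)

    return sorted(findings, key=priority)


def demo() -> list:
    """Build a constructed web root, snapshot it, then simulate a web shell drop."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "wwwroot"
        (root / "images").mkdir(parents=True)
        (root / "default.aspx").write_text('<%@ Page Language="C#" %>\n<html>ok</html>\n')
        (root / "images" / "logo.png").write_bytes(b"\x89PNG constructed")
        baseline = build_manifest(root)  # taken while the install was known-good

        # Constructed post-compromise changes: a new server-side script in the
        # web root plus a tampered static file. File names are illustrative only.
        (root / "upload_helper.aspx").write_text('<%@ Page Language="C#" %> <% /* constructed */ %>')
        (root / "images" / "logo.png").write_bytes(b"\x89PNG tampered")
        return scan_webroot(root, baseline)


if __name__ == "__main__":
    for rel, status in demo():
        print(f"{status:9s} {rel}")
```

The value of the check lies in the baseline being captured (or reconstructed from a clean install of the same MOVEit Transfer build) before the exploitation window, and in the manifest being stored off the host, since an attacker with code execution on the web server can rewrite anything kept locally. A new script in the web root is a strong signal but not the only one; vendor YARA rules and host-based indicators should be run alongside it.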
