"exploited host serves as a “beachhead” for further compromise. A combination of network visibility and monitoring (for exfiltration as well as post-exploitation command and control behaviors), as well as endpoint visibility and monitoring (for signs of exploitation as well…"
T1190 Exploit Public-Facing Application
65%
"##0p criminal group rapidly exploited thousands of exposed MOVEit instances to exfiltrate sensitive data for follow-on extortion. MFT applications are critical for business operations, but unfortunately, patch cycles are often not as rapid as needed. This is especially true in …"
T1190 Exploit Public-Facing Application
62%
"exploited host serves as a “beachhead” for further compromise. A combination of network visibility and monitoring (for exfiltration as well as post-exploitation command and control behaviors), as well as endpoint visibility and monitoring (for signs of exploitation as well…"
T1190 Exploit Public-Facing Application
62%
"actors are able to identify and exploit true zero-day vulnerabilities. As a result, while rapid vulnerability identification and agile patch management are necessary steps to securing MFT applications, they remain insufficient on their own to mitigate the potential attack vecto…"
T1588.006 Vulnerabilities
36%
"##0p criminal group rapidly exploited thousands of exposed MOVEit instances to exfiltrate sensitive data for follow-on extortion. MFT applications are critical for business operations, but unfortunately, patch cycles are often not as rapid as needed. This is especially true in …"
T1204.002 Malicious File
35%
"MFT exploitation and adversary operations | Huntress threat actors of varying types continue to target managed file transfer (MFT) applications for exploitation. The latest concerning MFT vulnerability was identified by Converge Technology Solutions, originally in August 2023 i…"
Summary
Dive into our analysis of the CVE-2023-43117 threat in CrushFTP and the growing popularity of MFT application exploitation as a tactic for adversaries.