TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

MOVEit Transfer Critical Vulnerability CVE-2023-34362 | Huntress

2023-06-01

ATT&CK techniques detected

5 predictions
T1190 Exploit Public-Facing Application
97%
", Rapid7 and Horizon3.ai have publicly released their own recreated proof-of-concept exploit. Microsoft has now attributed this threat to "Lace Tempest" (per their new naming scheme) or the group behind the Cl0p ransomware gang. This is the same conclusion drawn by many …"
T1190 Exploit Public-Facing Application
96%
"233 user-agent - 200 2023-05-30 17:06:11 192.168.###.### POST /guestaccess.aspx - 443 - 5.252.190.116 user-agent - 200 2023-05-30 17:06:21 192.168.###.### GET /human2.aspx - 443 - 5.252.191.88 user-agent - 404 (for the sake of brevity …"
T1190 Exploit Public-Facing Application
88%
"vendor Progress had just released a security advisory expressing there is a critical vulnerability that could lead to unauthorized access. On June 2, the industry dubbed this vulnerability as CVE-2023-34362. Progress brought down MOVEit Cloud as part of their response and inv…"
T1190 Exploit Public-Facing Application
44%
") - 138.197.152[.]201 - 209.97.137[.]33 Resources and references - The latest from Progress: https://community.progress.com/s/article/moveit-transfer-critical-vulnerability-31may2023 - Reddit r/sysadmin: https://www.reddit.com/r/sysadmi…"
T1190 Exploit Public-Facing Application
40%
"user moveitsvc, which is in the local administrators group. The attacker could disable antivirus protections, or achieve any other arbitrary code execution. The behavior that the industry observed, adding a human2.aspx webshell, is not necessary for attackers to compromise the m…"

Summary

Our team is tracking in-the-wild exploitation of a zero-day vulnerability against Progress' MOVEit Transfer web application that allows for escalated privileges and unauthorized access.