Mandiant Top 5 of the Month – June

Mandiant Resources in response to MOVEit Breach

Rapid Response Case Study: MOVEit as fast as you can.

We can’t predict when the next major zero-day vulnerability will hit, but we can do our best to be prepared for when it does.

On May 31, 2023 the MOVEit Transfer vulnerability was announced and assigned CVE-2023-34362. Mandiant saw evidence of exploitation as early as May 27, 2023.

UNC4857, recently merged with FIN11, has been very active in exploiting this vulnerability.

Watch NOW

Zero-Day Vulnerability in MOVEit Transfer Expolited for Data Theft

Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft.

This blog post will provide you an overview of what we have observed and who this is now attributed to. (9 minute read)

Read HERE

Content

MOVEit Transfer: Containment and Hardening Guide

Mandiant has made available a document that provides containment and hardening steps that should be considered for leverage the MOVEit Transfer application.

Download HERE

Mandiant Threat Actor Analysis - FIN11

(Only available through Mandiant Advantage Threat Intelligence Platform. Register HERE for free, if you do not already have access)

Starting in late May 2023, FIN11 exploited a zero-day vulnerability in numerous organizations' MOVEit Transfer servers, then deployed the LEMURLOOT web shell.

The threat group used LEMURLOOT to escalate privileges within the MOVEit Transfer software and enumerate accessible files before they ultimately exfiltrated data.

On June 6, 2023, a post was published on the CL0P^_- LEAKS data leak site (DLS) claiming responsibility for the intrusions and threatening to post stolen data if victims did not pay an extortion fee.

Read HERE for more analysis about this financially motivated Threat Group.