Cl0p data exfiltration tool found vulnerable to RCE attacks
Briefly

Security researchers identified a vulnerability in Cl0p's data exfiltration tool, the one used in the MOVEit data breaches. The flaw, an improper-input-validation issue rated 8.9 in severity, lets the tool build OS commands from unsanitized input, so an attacker who controls that input could disrupt Cl0p's operations or steal the data the group has collected. Cl0p, notorious for extortion via the MOVEit supply-chain attack, could thus be compromised through its own tooling, and CIRCL's Alexandre Dulaunoy doubts its developers will ship a fix.
The vulnerability in the Python-based software, which was used in the 2023-2024 MOVEit mass data raids, was discovered by Italian researcher Lorenzo N. Categorized as an improper input validation bug and given a severity score of 8.9, it arises from a lack of input sanitization: the tool constructs OS commands by concatenating attacker-supplied strings into the command line.
An authenticated endpoint on the Cl0p operators' staging/collection host passes file or directory names received from compromised machines straight into a command string that is handed to the shell. Because those names originate on the victim side, whoever controls a file name there controls part of the command the staging host runs.
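The pattern the write-up describes, recreated as an added illustration in a hypothetical Python tool (this is not Cl0p's code, and the function names, the stand-in `echo` command and the sample file name are all invented for the example): the flawed version concatenates an untrusted file name into a shell command string, the hardened version applies a strict allow-list and passes the name as its own argv element so no shell ever parses it.

```python
"""Command injection via an unsanitized file name, vulnerable and hardened.
Added example; not code from the tool in the article. The 'echo' command
stands in for whatever the real tool did with each reported file."""
import re
import shlex
import subprocess

# Constructed sample input: a file name a compromised host could report.
# The ";" terminates the intended command and starts a second, harmless one.
MALICIOUS_NAME = "report.docx; echo INJECTED"
BENIGN_NAME = "report.docx"

# Allow-list for names the staging side is willing to act on (hypothetical policy).
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,255}")


def stage_vulnerable(name: str) -> str:
    """The flawed pattern: the untrusted name is concatenated into a shell
    command string and executed with shell=True, so shell metacharacters
    in the name become additional commands."""
    cmd = "echo staging " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def accepts(name: str) -> bool:
    """Allow-list check: only plain file-name characters, no '.' or '..'."""
    return SAFE_NAME.fullmatch(name) is not None and name not in (".", "..")


def stage_hardened(name: str) -> str:
    """Two fixes: reject anything outside the allow-list, and pass the name
    as a separate argv element (no shell involved) so it can never be
    interpreted as command syntax."""
    if not accepts(name):
        raise ValueError(f"rejected file name: {name!r}")
    return subprocess.run(["echo", "staging", name], capture_output=True, text=True).stdout


def quote_for_shell(name: str) -> str:
    """If a shell string is truly unavoidable, quote each untrusted fragment
    with shlex.quote so the whole name becomes a single literal word."""
    return "echo staging " + shlex.quote(name)


if __name__ == "__main__":
    print("vulnerable output:", repr(stage_vulnerable(MALICIOUS_NAME)))
    print("hardened accepts malicious name:", accepts(MALICIOUS_NAME))
    print("hardened output for benign name:", repr(stage_hardened(BENIGN_NAME)))
    print("quoted form:", quote_for_shell(MALICIOUS_NAME))
```

Running `stage_vulnerable` on the malicious name produces two lines of output, the second of which comes from the injected command; `stage_hardened` refuses the same name outright, and even a name that slipped past the allow-list would reach `echo` as a single argument rather than as shell syntax.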
Cl0p's rivals, or any other attacker with access to the endpoint, could exploit this vulnerability to disrupt the cybercrime group's operations or steal its collected data, turning the group's own tool against it.
Despite the flaw's potential impact, Alexandre Dulaunoy of CIRCL does not expect the developers of the exfiltration tool to take corrective action.
Read at The Register