[MART] - Daily Diary #386 - Clop Ransomware exploiting SolarWinds Serv-U

CTAS-MAT ctas-mat at appgate.com
Tue Nov 9 21:29:28 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

11/09/2021 - Diary entry #386

A new campaign of Clop ransomware (covered in some of our Daily Diaries, such as #216, #234 and #236) was found targeting SolarWinds Serv-U.

Clop ransomware is known to use exploits for publicly disclosed vulnerabilities as infection vectors. In this case, the vulnerability tracked as CVE-2021-35211, affecting SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP, allows a remote actor to achieve Remote Code Execution on any Windows server using Serv-U Secure FTP for Windows before version 15.2.3 HF2.

Most recently, in our Daily Diary #287, we covered an international operation that ended up arresting six people accused of being members of the Clop gang. This incident shows that other members of the gang have taken over the operation.

We highly recommend that any company using SolarWinds products keep them up to date and isolate them from other networks using a Zero Trust solution like AppGate SDP.

Kind Regards,





Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
