Lace Tempest Exploits Zero-Day in a Strategic Strike on SysAid
Lace Tempest Exploits Zero-Day in a Strategic Strike on SysAid
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
Lace Tempest has been implicated in exploiting a zero-day vulnerability, identified as CVE-2023-47246. This exploitation allows for the execution of code within SysAid on-premise software, leading to an unauthorized breach of corporate servers. The primary objectives of this breach include data theft and the deployment of the Clop ransomware.
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.