Microsoft reported that a zero-day vulnerability in the SysAid IT support software, tracked as CVE-2023-47246, was exploited in limited attacks.
The IT giant linked the attacks to the Clop ransomware gang (aka Lace Tempest). The company reported the flaw to the software vendor, which quickly fixed it.
The Lace Tempest operators exploited the vulnerability to issue commands via the SysAid software to deliver a loader for the Gracewire malware (aka FlawedGrace). The malware enabled human-operated activity, including lateral movement, data theft, and ransomware deployment.