Starting on September 30, 2023, SentinelOne has observed actors exploiting the recently disclosed flaws in Progress’ WS_FTP against Windows servers running a vulnerable version of the software. The two highest severity vulnerabilities–CVE-2023-40044 and CVE-2023-42657–were assigned a CVSS score of 10 and 9.9, respectively. We observed at least three types of multi-stage attack chains, which begin with exploitation, and then commands to download a payload from a remote server, often via an IP-literal URL.

Click here for the full alert.