
Further MOVEit Transfer critical vulnerabilities discovered

Threat Intelligence bulletin, 7th June 2023

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Additional SQL injection (SQLi) vulnerabilities have been discovered in the MOVEit Transfer managed file transfer (MFT) solution, separate from the zero-day (CVE-2023-34362) already exploited by Clop. CVE identifiers and full technical details for the new flaws have not yet been published. At the time of writing there is no evidence that these additional vulnerabilities have been exploited in the wild.

Impact

Successful exploitation would allow an attacker to submit a crafted payload to the MOVEit Transfer web application and reach its backend database, resulting in disclosure or modification of the customer data it holds.

Vulnerability Detection

Progress Software has released a security patch for each supported MOVEit Transfer version line. The patched build numbers are listed in the Progress advisory; any installation that is not yet running the patched build for its version line should be treated as vulnerable.

Affected Products

All MOVEit Transfer versions

Containment, Mitigations & Remediations

It is strongly recommended that users apply the most recent security update as a matter of urgency. Details of how to apply the update are given in the Progress security advisory. Because the earlier MOVEit zero-day (CVE-2023-34362) was exploited before a patch was available, patching alone should not be assumed to restore a clean state: review affected systems for signs of prior compromise before and after updating.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.
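While no specific IoCs have been published, the vulnerability class (SQL injection via the web application) is known, so a generic hunt over the IIS request logs of a MOVEit Transfer host is a reasonable interim step. The script below is an added example and is not code from the bulletin or from Progress Software. It parses the standard IIS W3C extended log format, URL-decodes the query string, and flags requests carrying common SQLi constructs. The log lines, client addresses, request paths and parameter names embedded in it are constructed for illustration only; they are not published indicators.

```python
"""Hunt IIS W3C logs for SQL-injection-style requests against a MOVEit Transfer host.

Added example; not from the bulletin or from Progress Software. The sample log
below is constructed (addresses, paths and parameters are illustrative only).
"""
import re
from dataclasses import dataclass
from typing import Iterator
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended format (default field set). Spaces in
# fields are written as '+' by IIS, which is why each record splits cleanly on ' '.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2023-06-07 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-06-07 09:12:01 10.0.0.5 GET /human.aspx - 443 - 203.0.113.10 Mozilla/5.0 - 200 0 0 120
2023-06-07 09:12:09 10.0.0.5 POST /moveitisapi/moveitisapi.dll action=m2 443 - 198.51.100.23 python-requests/2.31 - 200 0 0 310
2023-06-07 09:12:15 10.0.0.5 GET /api/v1/folders - 443 alice 203.0.113.10 Mozilla/5.0 - 200 0 0 80
2023-06-07 09:13:02 10.0.0.5 GET /human.aspx Arg12=abc%27+OR+1%3D1-- 443 - 198.51.100.23 python-requests/2.31 - 500 0 0 44
2023-06-07 09:13:40 10.0.0.5 POST /guestaccess.aspx transaction=secmsgpost%3B+WAITFOR+DELAY+%270%3A0%3A5%27 443 - 198.51.100.23 python-requests/2.31 - 200 0 0 5200
"""

# Generic SQLi signatures applied to the decoded path + query. These are
# deliberately broad hunting patterns (tune them to your application's
# legitimate parameters); they are not indicators for a specific exploit.
SIGNATURES = [
    ("tautology",     re.compile(r"""['"]\s*(or|and)\s+['"\w]+\s*(=|like)\s*['"\w]+""", re.I)),
    ("comment-tail",  re.compile(r"(--|/\*)\s*$")),
    ("union-select",  re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("stacked-query", re.compile(r";\s*(waitfor|exec|execute|drop|insert|update|delete|declare)\b", re.I)),
    ("time-based",    re.compile(r"\b(waitfor\s+delay|sleep\s*\(|pg_sleep\s*\()", re.I)),
]


@dataclass
class Finding:
    line_no: int
    client_ip: str
    method: str
    path: str
    decoded_query: str
    status: str
    signatures: list


def parse_w3c(log_text: str) -> Iterator[tuple[int, dict]]:
    """Yield (line number, field dict) for each record, honouring #Fields headers."""
    fields = None
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # field layout can change mid-file after a restart
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # malformed record; a real hunt would log it
        yield n, dict(zip(fields, values))


def decode(value: str) -> str:
    """URL-decode an IIS field; '-' means empty. Decoded twice to defeat double encoding."""
    if value == "-":
        return ""
    return unquote_plus(unquote_plus(value))


def hunt(log_text: str) -> list[Finding]:
    """Return every request whose decoded path or query matches a SQLi signature."""
    findings = []
    for n, rec in parse_w3c(log_text):
        path = decode(rec.get("cs-uri-stem", "-"))
        query = decode(rec.get("cs-uri-query", "-"))
        hits = [name for name, rx in SIGNATURES if rx.search(f"{path}?{query}")]
        if hits:
            findings.append(Finding(n, rec.get("c-ip", ""), rec.get("cs-method", ""),
                                    path, query, rec.get("sc-status", ""), hits))
    return findings


def by_source(findings: list[Finding]) -> dict:
    """Count findings per client address to surface the noisiest sources first."""
    counts: dict = {}
    for f in findings:
        counts[f.client_ip] = counts.get(f.client_ip, 0) + 1
    return counts


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.client_ip} {f.method} {f.path} "
              f"status={f.status} {f.signatures} :: {f.decoded_query}")
    print(by_source(hunt(SAMPLE_LOG)))
```

Point the script at the live IIS log directory (typically under inetpub\logs\LogFiles on the MOVEit host) rather than the embedded sample; a burst of hits from one address, especially paired with 500 responses or unusually long time-taken values, is worth a closer look even though it is not, on its own, proof of exploitation.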

Threat Landscape

The latest security update from Progress Software arrives just days after Clop ransomware operators claimed responsibility for exploiting a MOVEit Transfer zero-day vulnerability, tracked as CVE-2023-34362. The group has leveraged similar flaws in the past for data exfiltration and extortion without necessarily deploying ransomware, and has been attributed to earlier file transfer platform exploitation such as the GoAnywhere MFT zero-day (CVE-2023-0669) in January 2023.

Threat Group

Although the most recently disclosed vulnerabilities have not yet been attributed to a specific threat actor or group, it is highly likely that Clop ransomware operators will attempt to leverage them to extend their current campaign.

Mitre Methodologies

Common Attack Pattern Enumeration and Classification (CAPEC):

CAPEC-66 – SQL Injection

Further Information

Progress Security Bulletin

Intelligence Terminology Yardstick