A significant vulnerability has been exploited in the MOVEit Transfer application. MOVEit Transfer software, developed by Progress Software, is used by many financial institutions and government agencies to transfer files securely. This vulnerability could allow an attacker to gain unauthorized access to your MOVEit Transfer environment, leading to the theft of sensitive data.
A group known for ransomware attacks is responsible for exploiting this critical vulnerability that allows access to the files and data contained in the MOVEit transfer application. A number of U.S.-based companies have been attacked by this group since the security flaw was discovered in late May.
Who is affected?
As of June 16, 2023, it appears that all versions of MOVEit Transfer and MOVEit Cloud are affected by this vulnerability, as well as others recently discovered.
How does the exploit work?
The vulnerability can be exploited by sending a crafted request (SQL injection) to the MOVEit Transfer application, which bypasses authentication to grant unauthorized access to the database. Once an attacker has access to the database, they can steal sensitive information, credentials, and files.
What should you do?
Following the developer’s recommendation, it is strongly recommended that you apply recently published patches as soon as possible. If you are unable to apply this patch, you should immediately disable all HTTP and HTTPS traffic to your MOVEit Transfer application and environment to prevent exploitation of this vulnerability.
For more information regarding this vulnerability, please refer to the following:
- Progress Software Security Advisory: https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
- AXIOS: https://www.axios.com/2023/06/15/government-agencies-hacked-moveit-vulnerability
- Cybersecurity & Infrastructure Security Agency (CISA): https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability
- Symantec Enterprise Blogs: MOVEit Vulnerabilities: What You Need To Know: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/moveit-vulnerabilities-exploits
If you have any questions, please contact our team at TraceSecurity.