MOVEit file transfer vulnerability exploited by hackers

2023-06-02 By admin

Security researchers have discovered that threat actors are using a serious zero-day flaw in the MOVEit file transfer product in a number of client scenarios.

According to BleepingComputer, MoveIt Transfer from Progress Software has a serious vulnerability that is being exploited by threat actors. The website reported that multiple organizations have been compromised and their data taken, although it is unknown when the exploitation took place and which threat actors are responsible for the attacks.

“Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment while our team produces a patch,” reads a security advisory from Progress.

Caitlin Condon, Senior Manager of Security Research at Rapid7, said that the majority of the occurrences appeared to be in the US. Progress issued a security advisory yesterday alerting users to a “Critical” vulnerability in MOVEit MFT and providing workarounds until patches are applied.

“Any organization using MOVEit should forensically examine the system to determine if it was already compromised and if data was stolen. Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for potential extortion and publication of the stolen data,” Mandiant Consulting Chief Technology Officer Charles Carmakal said in an email reported by Bank Info Security.

There is no information available regarding the zero-day vulnerability. However, the flaw is probably a web-facing vulnerability based on the banned ports.

Organizations are highly advised to stop any MOVEit Transfers until a fix for their version is available, then thoroughly investigate the server for signs of compromise before implementing the patch and turning it back on.

MOVEit

What is MOVEit transfer?

Using SFTP, SCP, and HTTP-based uploads, MOVEit Transfer is a managed file transfer (MFT) system created by Ipswitch, a division of Progress Software Corporation in the US, that enables businesses to securely move files between clients and business partners. Well, not that “secure” nowadays.