Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Exploiting vulnerabilities in file transfer software for businesses and medical practices can result in a treasure trove of valuable data and the opportunity to try to extort oh, so many victims. First it was an Accellion vulnerability, exploited by Cl0p (past coverage). Then it was a Fortra GoAnywhere vulnerability, exploited by Cl0p (past coverage). Now we are hearing about a MOVEit flaw being exploited.

Michael Novinson reports:

Adversaries are taking advantage of a recently patched vulnerability in Progress Software’s managed file transfer product to deploy web shells and steal data.

An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27 and in some cases has taken data within minutes of deploying the web shells. Security researchers at Mandiant attribute the activity to a newly created threat cluster with unknown motivations dubbed UNC4857 that has gone after organizations across a wide range of industries based in Canada, India and the United States (see: Hackers Exploit Progress MOVEit File Transfer Vulnerability).

Read more at GovInfoSecurity.
