First Seen: May 31, 2023
Affected Platforms: Progress MOVEit Transfer
Malware: Clop Ransomware
Threat Actor: Lace Tempest (aka FIN11, DEV-0950)
Impact: The vulnerability allows unauthorized access to the MOVEit Transfer database, potential manipulation or deletion of its contents, and exploitation of affected systems.
CVE-2023-34362 is a zero-day vulnerability in MOVEit Transfer, a file transfer application. It is a SQL injection flaw: an attacker can inject malicious SQL code into the application's database queries. Exploitation can result in unauthorized access to the MOVEit Transfer database, as well as potential manipulation or deletion of its contents. The vulnerability was discovered in May 2023 and has been actively exploited in the wild. Attackers can exploit it over both HTTP and HTTPS. All versions of MOVEit Transfer are affected.
This vulnerability has been exploited by Lace Tempest (aka FIN11, DEV-0950), a threat actor group known for ransomware activity and for operating the Clop extortion site. The exploit allows attackers to authenticate as any user and enables data exfiltration. Lace Tempest has a track record of using similar vulnerabilities to steal data and extort victims.