02/06/2023

Critical MOVEit Transfer vulnerability in active exploitation – Action Recommended

Summary:

On May 31, 2023, Progress Software disclosed a critical vulnerability in the MOVEit Transfer file transfer web application. Exploitation can lead to the deployment of a web shell and exfiltration of data. The vulnerability affects all versions of the software and is under active exploitation. As of this publication, it has not been assigned a CVE number.

An unauthenticated remote attacker could escalate privileges and gain unauthorized access via the MOVEit Transfer database. A post-exploitation web shell (human2.aspx) was first uploaded to the VirusTotal analysis service on May 28, suggesting the campaign has been active since at least that date. The observed web shells appear to contain unique passwords for each victim, reducing the value of file hash-based detections.
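Because each victim's web shell differs, matching on the file name in web server logs is more durable than matching on a hash. The following is an added example, not part of the vendor's or Secureworks' guidance: it scans IIS W3C extended logs for requests to human2.aspx and summarises them per client address. The sample log lines, paths other than human2.aspx, and IP addresses are constructed for illustration.

```python
import collections

SHELL_NAME = "human2.aspx"  # web shell file name given in the advisory

# Constructed IIS W3C extended log (not real traffic; documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-05-29 10:01:02 GET /index.aspx - 198.51.100.7 200
2023-05-29 10:02:11 POST /upload.aspx - 203.0.113.5 200
2023-05-29 10:02:40 GET /human2.aspx - 203.0.113.5 404
2023-05-29 10:03:05 GET /Human2.ASPX - 203.0.113.5 200
2023-05-30 08:15:00 GET /human2.aspx - 192.0.2.44 200
"""

def find_shell_requests(lines, shell_name=SHELL_NAME):
    """Return log rows whose requested file name equals shell_name."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # Column layout can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive; compare the last path segment lowered.
        if row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1] == shell_name:
            hits.append(row)
    return hits

def summarize(hits):
    """Count requests per client IP and how many received a 2xx response."""
    summary = collections.defaultdict(lambda: {"requests": 0, "served": 0})
    for row in hits:
        entry = summary[row.get("c-ip", "?")]
        entry["requests"] += 1
        # A 2xx status means the server answered for that path,
        # so the file was probably present at the time.
        if row.get("sc-status", "").startswith("2"):
            entry["served"] += 1
    return dict(summary)

if __name__ == "__main__":
    for ip, stats in summarize(find_shell_requests(SAMPLE_LOG.splitlines())).items():
        print(ip, stats)
```

Any request that was served warrants checking the web root for the file and following the vendor's guidance.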

Recommended actions:

Researchers at our security partner, Secureworks Counter Threat Unit, recommend that customers review the vendor’s guidance and apply available patches as appropriate in their environments. The Progress Software advisory describes mitigations for organizations that cannot immediately upgrade.

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk
