Security News > 2023 > June > Exploit released for MOVEit RCE bug used in data theft attacks
Horizon3 security researchers have released proof-of-concept exploit code for a remote code execution bug in the MOVEit Transfer managed file transfer solution abused by the Clop ransomware gang in data theft attacks.
With the release of this RCE PoC exploit, more threat actors will likely move quickly to deploy it in attacks or create their own custom versions to target any unpatched servers left exposed to Internet access.
Given the widespread media coverage of the attacks exploiting the vulnerability, it is expected that the number of unsecured MOVEit Transfer servers on the internet has sharply decreased since Clop began exploiting the bug.
The Clop ransomware gang has claimed responsibility for the data-theft attacks exploiting the CVE-2023-34362 MOVEit Transfer zero-day in a message sent to Bleepingomputer, attacks that allegedly impacted "Hundreds of companies."
Clop was also linked to the attacks by Microsoft, who attributed this data theft campaign to the Lace Tempest hacking group, which overlaps with FIN11 and TA505 activity.
The list of organizations that have disclosed data breaches following these attacks includes, among others, the EY British multinational, the Irish Health Service Executive public healthcare system, UK-based provider of payroll and HR solutions Zellis and some of its customers.
News URL
Related news
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |