MOVEit Transfer Vulnerability

Vulnerability Profile Updated 18 days ago
The MOVEit Transfer vulnerability, officially designated CVE-2023-34362, is a flaw in software design or implementation that has been exploited by the Cl0p ransomware group. Despite initial concerns, there is no evidence that the Cl0p ransomware itself was deployed when this vulnerability was recently exploited. The Cl0p group did, however, claim responsibility for exploiting the vulnerability, which led to significant discussion around third-party risk. The exploitation affected an estimated 1,000 organizations and 60 million individuals, making it a major event in cybersecurity history.

Progress Software, the company behind MOVEit Transfer, discovered the vulnerability and issued guidance on how to address it, advising users to upgrade to the latest version of the software to mitigate the associated risks. This was not the only vulnerability found in MOVEit Transfer: Progress Software also discovered two additional vulnerabilities, CVE-2023-35708 and CVE-2023-35036, further highlighting the need for regular software updates and patching.

The MOVEit Transfer vulnerability has underscored the importance of managing third-party risk. In the United States alone, almost all incidents related to this issue originated from the MOVEit Transfer vulnerability. The Snakefly cybercrime group (also known as Clop) advanced its extortion attacks in 2023 by exploiting this vulnerability. By targeting all of its victims simultaneously, the group left little room for effective defense strategies. Companies are therefore urged to take proactive measures against such threats, including keeping software up to date and regularly reviewing their security posture.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| CVE-2023-34362 | 5 | CVE-2023-34362 is a critical SQL injection vulnerability discovered in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. This flaw in software design or implementation was first exploited by the CL0P Ransomware Gang, also known as TA505, beginning on May 27, 2023. Th |
| CVE-2023-35036 | 1 | CVE-2023-35036 is a significant vulnerability identified in the MOVEit Transfer software, part of the Progress Software suite. This flaw was first reported on June 16, 2023, following the discovery and exploitation of CVE-2023-34362 by a Clop ransomware affiliate. The CVE-2023-35036 vulnerability pr |
| CVE-2023-35708 | 1 | CVE-2023-35708 is a critical software vulnerability, specifically an SQL injection flaw, that affected the MOVEit Transfer application. This issue was identified as a privilege escalation vulnerability, meaning it could potentially allow unauthorized users to gain elevated access rights within the s |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
MOVEit
Exploit
Ransomware
MFT
Vulnerability
CISA
Malware
Extortion
SentinelOne
Cybercrime
Health
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Clop | Unspecified | 6 | Clop is a notorious malware, short for malicious software, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Clop can steal personal information, disrupt operations, or h |
| Lemurloot | Unspecified | 1 | LemurLoot is a malicious software, or malware, specifically a web shell written in C# that targets the MOVEit Transfer platform. It was developed and deployed by the CL0P ransomware group to exploit vulnerabilities in systems and steal data. In May 2023, the group exploited a SQL injection zero-day |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Clop Ransomware Group | Unspecified | 2 | The Clop ransomware group, a malicious threat actor, has been actively involved in significant cyber attacks. These include the exploitation of SysAid zero-day vulnerabilities and a major attack on Progress Software's MOVEit secure file transfer tool in 2023. The cybersecurity community has identifi |
| Snakefly | Unspecified | 1 | Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0 |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2024-5806 | Unspecified | 1 | None |
Source Document References
Information about the MOVEit Transfer Vulnerability was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| Securityaffairs | 18 days ago | New MOVEit Transfer critical bug is actively exploited |
| CERT-EU | 4 months ago | Decoded Technology Law Insights, V 5, Issue 2, March 2024 |
| Unit42 | 5 months ago | Ransomware Retrospective 2024: Unit 42 Leak Site Analysis |
| CERT-EU | 6 months ago | Data Breaches and Cyber Attacks in the USA in December 2023 – 1,613,496,782 Records Breached - IT Governance USA Blog |
| CERT-EU | 7 months ago | LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 1) \| The Last Watchdog |
| Flashpoint | a year ago | No title |
| DARKReading | a year ago | Third MOVEit Transfer Vulnerability Disclosed by Progress Software |
| Unit42 | 9 months ago | CL0P Seeds ^_- Gotta Catch Em All! |
| CERT-EU | 10 months ago | Clop gang stolen data from major North Carolina hospitals \| #cybercrime \| #infosec \| National Cyber Security Consulting |
| Securityaffairs | a year ago | Norton parent firm Gen Digital, was victim of a MOVEit ransomware attack |
| Securityaffairs | a year ago | Schneider Electric and Siemens Energy are two more victims of a MOVEit attack |
| CERT-EU | a year ago | Ransomware Surges in Nuspire’s Q2 2023 Threat Report |
| CERT-EU | a year ago | MOVEit Data Breach Victims Sue Progress Software |
| Securityaffairs | a year ago | Clop ransomware gang claims the hack of hundreds of victims |
| Securityaffairs | a year ago | Experts found new MOVEit Transfer SQL Injection flaws |
| CERT-EU | a year ago | How to Use FAIR Analysis to Quantify Risk from the MOVEit Vulnerability |
| CERT-EU | a year ago | MOVEit Transfer Vulnerability (CVE-2023-34362) \| Kroll \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | a year ago | MOVEit Transfer Zero-Day Vulnerability: What Companies Need to Know |
| CERT-EU | a year ago | Ransomware gang Clop prepped zero-day MOVEit attacks in 2021 |
| Securityaffairs | a year ago | Clop gang was testing MOVEit Transfer bug since 2021 |