{"id":9111,"date":"2023-06-14T19:11:03","date_gmt":"2023-06-14T13:41:03","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=9111"},"modified":"2024-08-13T14:40:23","modified_gmt":"2024-08-13T09:10:23","slug":"zero-day-vulnerability-in-moveit-file-sharing-application","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/","title":{"rendered":"Vulnerability in MOVEit, File Sharing App, Exposes Corporate Data"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Progress Software Corporation, an American public company, issued an alert on May 31, 2023, regarding a critical <\/span><b>SQL injection vulnerability discovered in their MOVEit Transfer solution<\/b><span style=\"font-weight: 400;\">. Following this disclosure, numerous organizations like<\/span><b> BBC, and British Airways have come forward to reveal that they have fallen victim to cyber-attacks<\/b><span style=\"font-weight: 400;\"> stemming from a zero-day vulnerability (CVE-2023-34362) in the file transfer product. 
According to reports, the <\/span><b>cybercriminal gang known as Clop, believed to be of Russian origin, is responsible for the attack.<\/b><span style=\"font-weight: 400;\"> The group appears to specifically target organizations in North America and the UK, indicating they have gained full control over a MOVEit installation.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">On June 6, 2023, several notable organizations including the <\/span><b>BBC, Boots, and British Airways (BA) confirmed their exposure to a vulnerability. <\/b><span style=\"font-weight: 400;\">The BBC has informed its staff that personal information such as ID numbers, dates of birth, home addresses, and National Insurance numbers have been compromised in the attack. BA employees have also been notified of the potential theft of their banking details. 
The <\/span><b>attack has affected companies that use Zellis<\/b><span style=\"font-weight: 400;\">, the UK\u2019s leading payroll provider, for their payroll and human resources services.<\/span><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_MOVEit_and_Why_is_it_important\"><\/span><b>What is MOVEit and Why is it important?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">MOVEit is file transfer software owned by the software solution provider Progress Software Corporation. It encrypts files and uses secure transfer protocols to move data between organizations and customers. With its extensive user base spanning various industries, including healthcare, Progress Software Corporation\u2019s MOVEit is widely recognized as a premier Managed File Transfer (MFT) product. However, there have been <strong>reports of a zero-day vulnerability in the software<\/strong> that has been exploited by hackers. 
The vulnerability is <strong>a SQL injection vulnerability that could allow a hacker to gain unauthorized access to the database of MOVEit<\/strong>.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_It_All_Began_Uncovering_the_MOVEit_Transfer_Vulnerability\"><\/span><b>How It All Began: Uncovering the MOVEit Transfer Vulnerability<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-text-align-center wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-9112 alignnone\" style=\"font-weight: bold;\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/Architecture-of-MOVEit-transfer.png\" alt=\"Progress Software MOVEit vulnerability\" width=\"800\" height=\"425\"><span style=\"color: #000000; font-size: 14px; font-weight: bold; text-align: center;\">Architecture of MOVEit Transfer<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">On May 30, 2023, Progress Software Corporation alerted its users that it had found a <\/span><b>vulnerability dubbed CVE-2023-34362 in MOVEit Transfer and related MOVEit Cloud products.<\/b><span style=\"font-weight: 400;\"> The American company published an advisory when it discovered the zero-day SQL injection vulnerability. The advisory highlights that the extent of the <\/span><b>vulnerability&#8217;s impact varies depending on the specific database engine employed, such as Azure SQL, MySQL, and Microsoft SQL Server<\/b><span style=\"font-weight: 400;\">. 
<\/span><b>Both the HTTP and HTTPS protocols can be used to exploit unpatched systems<\/b><span style=\"font-weight: 400;\">, giving attackers access to sensitive database data as well as the ability to execute SQL commands for changing or deleting database items.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Read More: <\/b><\/span><em><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/zero-day-attack\/\"><b>Zero-Day Attack: Protect Your Organization from the Unforeseen<\/b><\/a><\/span><\/em><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"2160\" height=\"1070\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/Infographic-website.jpg\" alt=\"Zero day vulnerability in MOVEit\" class=\"wp-image-9121\"\/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">However, public reports that broke the news on May 27, 2023, claimed that the attacks against this vulnerability were true zero-day attacks. They started around this time, when the American company was not yet aware of the vulnerability and no patch was available. 
Reports asserted that attacks have<\/span><b> focused on creating web shells on vulnerable systems and utilizing the credentials to steal data from compromised systems.&nbsp;&nbsp;<\/b><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-9113 size-full\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"378\" height=\"564\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/Shodan-search-engine-results-for-internet-facing-MOVEit-instances.-Image-Shodan.jpg\" alt=\"Shodan-search-engine-results-for-internet-facing-MOVEit-instances.\" class=\"wp-image-9113\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">Search engine results for internet-facing MOVEit instances. (Source: Shodan)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">As of May 31, it was discovered that some <\/span><b>2,500 instances of MOVEit Transfer were visible on the public internet,<\/b><span style=\"font-weight: 400;\"> with the majority of them appearing to be based in the United States, according to recent data. A Shodan <\/span><b>search for exposed MOVEit Transfer instances returned over 2,500 results, the majority of which belonged to US customers<\/b><span style=\"font-weight: 400;\">. 
Previous analyses conducted by cybersecurity experts have highlighted similar vulnerabilities, where <\/span><b>SQL injection flaws could lead to remote code execution (RCE)<\/b><span style=\"font-weight: 400;\"> and serve as an initial access point for threat actors to infiltrate corporate networks.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">In recent times, file transfer solutions have increasingly become a prime target for cyber attackers, including ransomware groups. Later on June 2, the vulnerability was officially <\/span><b>assigned the<\/b> <b>identifier CVE-2023-34362<\/b><span style=\"font-weight: 400;\"> in the updated advisory by Progress Software. Prior to the security advisory, <\/span><b>threat actors had already exploited the vulnerability for at least four days<\/b><span style=\"font-weight: 400;\">. 
In light of this, Progress Software urges MOVEit customers to examine their systems for any <\/span><b>signs of unauthorized access spanning &#8220;at least the past 30 days.&#8221;<\/b><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>You can read more about: <\/b><\/span><em><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/ransomware-statistics\/\"><b>Ransomware Statistics For 2022<\/b><\/a><\/span><\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Who_is_Behind_the_Attack\"><\/span><b>Who is Behind the Attack?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">On June 4, 2023, Microsoft Threat Intelligence attributed the attacks to a <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/ransomware-as-a-service\/\"><span style=\"font-weight: 400;\">ransomware<\/span><\/a><span style=\"font-weight: 400;\"> actor group known as <\/span><b>&#8220;Lace Tempest or Clop Group&#8221;<\/b><span style=\"font-weight: 400;\">. This group has gained notoriety for its involvement in ransomware operations and for running the Clop extortion site. They are also recognized in the industry by <\/span><b>alternative names such as FIN11, DEV-0950, and TA505. <\/b><span style=\"font-weight: 400;\">In a communication posted on their leak site on June 6, the <\/span><b>Clop ransomware gang asked<\/b> <b>victims to contact them before June 14 to negotiate extortion fees <\/b><span style=\"font-weight: 400;\">for the deletion of stolen data. 
<\/span><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-9115\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"779\" height=\"794\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/microsoft.png\" alt=\"Microsoft Tweeted about the MOVEit attack\" class=\"wp-image-9115\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">(Source: Twitter)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Threat intelligence organizations captured screenshots of the threat group&#8217;s demands. Google-owned Mandiant, tracking the activity under UNC4857 and <\/span><b>identifying the web shell as LEMURLOOT,<\/b><span style=\"font-weight: 400;\"> has found significant tactical connections with FIN11. Notably, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, advising federal agencies to apply the patches provided by the vendor before June 23, 2023.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">This development follows the <\/span><b>similar zero-day mass exploitation of Accellion FTA servers in December 2020 and GoAnywhere MFT in January 2023<\/b><span style=\"font-weight: 400;\">. Therefore, it is crucial for users to promptly apply the provided patches to protect against potential risks and secure their systems. 
Cybersecurity firms have identified the same web shell name in multiple customer environments exposed to the public internet, which points to automated exploitation.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The web shell code within the exploited MOVEit Transfer instances <\/span><b>follows a specific pattern.<\/b><span style=\"font-weight: 400;\"> It initially checks<\/span><b> if an incoming request contains a header named X-siLock-Comment.<\/b><span style=\"font-weight: 400;\"> If this header does not have a particular password-like value, the web shell responds with a 404 &#8220;Not Found&#8221; error. A top cybersecurity company has confirmed that the presence of a web shell, specifically the file <\/span><b>human2.aspx located in the wwwroot folder of the MOVEit install directory<\/b><span style=\"font-weight: 400;\">, serves as a key <\/span><b>indicator of successful post-exploitation<\/b><span style=\"font-weight: 400;\">.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><b>Read More:<\/b> <\/span><strong><em><span style=\"color: #183994;\"><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/cyber-security-in-the-wake-of-coinbase-data-breach\/\">How Employee Unawareness Led to Coinbase Data Breach?<\/a><\/span><\/em><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">It is important to note that the original aspx file used by MOVEit for the web interface is named human.aspx. This pattern has been consistently observed in all instances of MOVEit Transfer exploitation recorded as of June 1, 2023. The accompanying image demonstrates an attack and subsequent web shell traffic as documented in the IIS logs. The web shell code first checks whether an inbound request has a header called X-siLock-Comment carrying the expected password-like value. 
If it does not, it delivers a 404 &#8220;Not Found&#8221; error.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">A cybersecurity organization confirmed that a critical indicator of successful post-exploitation is the <\/span><b>presence of a web shell: c:\\MOVEit Transfer\\wwwroot\\human2.aspx. <\/b><span style=\"font-weight: 400;\">Above, in the image, is an example of an attack and the follow-on web shell traffic as recorded in the IIS logs. As of June 1, 2023, every observed case of MOVEit Transfer exploitation involved a human2.aspx file in the wwwroot folder of the MOVEit install directory (human.aspx is the native aspx file used by MOVEit for the web interface). <\/span><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-9116\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1005\" height=\"891\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/Cl0p-leak-communication-June-6-1.png\" alt=\"Clop-leak-communication on MOVEit attack\" class=\"wp-image-9116\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">Clop Group posted on the dark web<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Clop has posted a notice on the dark web, warning firms affected by the MOVEit hack to contact them before June 14th to prevent the publication of stolen data. The group claims to have downloaded significant data through an exploit. In an unusual move, Clop is requesting that victim organizations initiate contact with them <\/span><b>through email to negotiate on their darknet portal.<\/b><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">This tactic suggests that the group may be overwhelmed by the scale of the hack and the amount of data they have acquired. 
Cybersecurity researchers have been monitoring Clop since February 2019, and it is estimated that the group has <\/span><b>targeted over 230 companies across different sectors<\/b><span style=\"font-weight: 400;\">. They maintain a presence on the Dark Web, regularly uploading data dumps from their breached victims.<\/span><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Big_Companies_Affected\"><\/span><b>Big Companies Affected<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Just after the attack was reported by Progress Software, organizations including Aer Lingus, BBC, Boots, and British Airways (BA) confirmed that they have been impacted. The BBC informed personnel that the incident resulted in the <strong>compromise of ID numbers, dates of birth, residential addresses, and National Insurance numbers.<\/strong> The BBC, which employs roughly 22,000 people worldwide, <strong>confirmed that it was investigating the breach&#8217;s scope in conjunction with UK payroll service Zellis.<\/strong><\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The BBC, British Airways, and Boots have informed more than 100,000 employees that payroll data may have been stolen. BA crew have also been informed that their banking information may have been stolen. For BA and others, the incident started in the Zellis systems, which they utilise for IT services for the payroll and human resources departments. 
Following these claims, a Zellis <strong>spokeswoman also stated that a &#8220;small number&#8221; of the company&#8217;s clients have been affected.<\/strong><\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">One more big name added to the list of victims <\/span><b>attacked by the Clop ransomware group is the UK media watchdog firm Ofcom<\/b><span style=\"font-weight: 400;\">. Ofcom has confirmed that it has fallen victim to a cyberattack conducted by hackers associated with a well-known Russian ransomware group. The <\/span><b>attack resulted in the unauthorized download of confidential data <\/b><span style=\"font-weight: 400;\">pertaining to certain companies regulated by Ofcom, <\/span><b>as well as personal information belonging to 412 Ofcom employees.<\/b><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Upon discovering the attack, Ofcom took immediate action by promptly notifying the affected companies it regulates and referring the matter to the Information Commissioner&#8217;s Office (ICO), the authority responsible for data protection and privacy in the UK. Additionally, Ofcom swiftly implemented recommended security measures, including discontinuing the use of the compromised MOVEit service, and continues to provide support and assistance to the affected individuals and organizations.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Are_You_a_MOVEit_User_Here_is_what_you_need_to_know\"><\/span><span style=\"color: #000000;\"><b>Are You a MOVEit User? 
Here is what you need to know<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">To mitigate the impact of the vulnerability in MOVEit Transfer, experts and Progress Software recommend the following steps:<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Turn_off_all_HTTP_and_HTTP_traffic_going_to_your_MOVEit_Transfer_environment\"><\/span>Turn off all HTTP and HTTPS traffic going to your MOVEit Transfer environment<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Firewall rules should be modified to prevent any HTTP or HTTPS traffic from reaching the MOVEit Transfer environment on ports 80 and 443. Access to the REST, Java, .NET, and native host for MOVEit Automation tasks, as well as the MOVEit Transfer add-in for Outlook, will be restricted as a result of this action. The SFTP and FTP\/s protocols, however, will continue to operate correctly. Administrators can access MOVEit Transfer by connecting to the Windows PC using a remote desktop and going to &#8220;https:\/\/localhost\/&#8221; on their browser.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conduct_a_Comprehensive_Security_Audit-_Review_Delete_and_Reset\"><\/span><span style=\"color: #000000;\"><b>Conduct a Comprehensive Security Audit- Review, Delete, and Reset<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">Thoroughly review the system for unauthorized files and user accounts. Remove any instances of the &#8220;human2.aspx&#8221; and &#8220;.cmdline&#8221; script files. 
Additionally, check for new files created in the &#8220;C:\\MOVEitTransfer\\wwwroot&#8221; directory and the &#8220;C:\\Windows\\TEMP[random]&#8221; directory with a &#8220;.cmdline&#8221; file extension.\u00a0<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Monitor logs for any unexpected downloads from unknown IP addresses or a significant number of file downloads.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Reset the credentials for the service accounts associated with affected systems and the MOVEit Service Account. This will help ensure that unauthorized access using compromised credentials is mitigated.<\/span><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Apply_the_Patch\"><\/span><span style=\"color: #000000;\"><b>Apply the Patch<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Progress Software<\/span><span style=\"font-weight: 400;\"> provided patches for all supported versions of MOVEit Transfer.&nbsp;<\/span><\/span><span style=\"font-weight: 400; color: #000000;\">Please note that when applying the patch, there is no need to modify the license file. Simply follow the instructions provided with the patch to ensure a successful update. 
It is crucial to keep MOVEit Transfer up to date with the latest patches to enhance security and protect against vulnerabilities.<\/span><\/p>\n\n\n\n<figure class=\"wp-block-image alignnone size-full wp-image-9117\"><img loading=\"lazy\" decoding=\"async\" width=\"1042\" height=\"810\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/Screenshot-7.png\" alt=\"Patch available for the  moveit vulnerability\" class=\"wp-image-9117\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">(Source: Progress Software)<\/span><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enable_Web_Traffic_Verify_and_Monitor\"><\/span><span style=\"color: #000000;\"><b>Enable Web Traffic, Verify, and Monitor<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">Enabling all HTTP and HTTPS traffic to your MOVEit Transfer environment is advised to ensure MOVEit Transfer runs without a hitch. This can be accomplished by changing the firewall rules to permit HTTP and HTTPS traffic on ports 80 and 443. 
You should reset the service account credentials if you discover any signs of intrusion.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\">While they wait for the required security updates to be installed, organisations can reduce the risk and potential effects of the MOVEit Transfer vulnerability by following the steps outlined in this mitigation guide.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQs_MOVEit_Zero-day_Vulnerability_Attack\"><\/span><span style=\"color: #000000;\"><b>FAQs: MOVEit Zero-day Vulnerability Attack<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1686746951709\"><strong class=\"schema-faq-question\"><strong>What is a zero-day vulnerability?<\/strong><\/strong> <p class=\"schema-faq-answer\">A zero-day vulnerability refers to a security flaw or weakness in software or hardware that is unknown to the developer. It is called &#8220;zero-day&#8221; because the vulnerability exists before the affected party becomes aware of it or has had a chance to fix it. This happened in the case of Progress Software, where the vulnerability in its MOVEit File Transfer was not known to the developers and was later exploited by the Russian-linked Clop ransomware group.\u00a0 The hackers take advantage of the vulnerability to gain unauthorized access, compromise data, or perform malicious activities. 
Zero-day vulnerabilities are considered highly valuable to attackers as they offer an advantage due to the lack of available patches or security measures.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1686747137833\"><strong class=\"schema-faq-question\"><strong>What is MOVEit Transfer?<\/strong><\/strong> <p class=\"schema-faq-answer\">MOVEit is file transfer software developed by Standard Networks, which was later acquired by Ipswitch, Inc. &amp; Progress Software in 2008. It provides secure encryption and utilizes reliable File Transfer Protocols for the seamless transfer of data. MOVEit offers advanced features like automation, analytics, and failover options. Companies across the world use this software to transfer their data securely. It is used by various sectors, including healthcare with clients like Rochester Hospital and Medibank. Additionally, MOVEit is widely adopted by IT departments in financial services, high technology, and government organizations.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1686747420326\"><strong class=\"schema-faq-question\"><strong>Who hacked MOVEit?<\/strong><\/strong> <p class=\"schema-faq-answer\">The hacking group behind the attacks on MOVEit Transfer is known as Clop. The Clop group is a well-known cybercriminal gang believed to be of Russian origin. They have gained notoriety for their involvement in ransomware operations and running the Clop extortion site. They are also recognized in the industry by alternative names such as FIN11, DEV-0950, and TA505. 
Clop has specifically targeted organizations in North America and the UK, and they have been actively exploiting the zero-day vulnerability in MOVEit Transfer to gain control over affected systems.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1686747503906\"><strong class=\"schema-faq-question\"><strong>What is Progress Software?<\/strong><\/strong> <p class=\"schema-faq-answer\">Progress Software is an American software company that provides software tools and solutions for application development, integration, data connectivity, and digital experience. Its services help companies to build and deploy applications, integrate systems and data, and enhance customer experiences.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1686821268099\"><strong class=\"schema-faq-question\"><strong>What is SQL injection?<\/strong><\/strong> <p class=\"schema-faq-answer\">SQL injection is an attack technique that takes advantage of a vulnerability in the way a web application handles its database, one that allows arbitrary SQL code to be submitted in a database query without proper sanitization. During the attack, the hacker exploits these vulnerabilities by inserting malicious SQL code into the application&#8217;s input fields, and the application processes it without any check. This leads to the execution of malicious SQL on the database server, which gives unauthorized access, data manipulation, or even the complete compromise of the application and its underlying database.<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Progress Software Corporation, an American public company, issued an alert on May 31, 2023, regarding a critical SQL injection vulnerability discovered in their MOVEit Transfer solution. 
Following this disclosure, numerous organizations like BBC, and British Airways have come forward to reveal that they have fallen victim to cyber-attacks stemming from a zero-day vulnerability (CVE-2023-34362) in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,44],"tags":[],"class_list":["post-9111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attacks","category-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>MOVEit Transfer vulnerability exploited widely in North America|<\/title>\n<meta name=\"description\" content=\"Critical SQL injection flaw found in MOVEit Transfer, affecting major organizations including Boots, BBC, and British Airways.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MOVEit Transfer vulnerability exploited widely in North America|\" \/>\n<meta property=\"og:description\" content=\"Critical SQL injection flaw found in MOVEit Transfer, affecting major organizations including Boots, BBC, and British Airways.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" 
content=\"2023-06-14T13:41:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-13T09:10:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/4fff2170-101b-4ed9-8248-a315b8144327.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"25 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Vulnerability in MOVEit, File Sharing App, Exposes Corporate 
Data\",\"datePublished\":\"2023-06-14T13:41:03+00:00\",\"dateModified\":\"2024-08-13T09:10:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/\"},\"wordCount\":2451,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/4fff2170-101b-4ed9-8248-a315b8144327.jpg\",\"articleSection\":[\"Cyber Attacks\",\"Ransomware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#respond\"]}]},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/\",\"name\":\"MOVEit Transfer vulnerability exploited widely in North America|\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/4fff2170-101b-4ed9-8248-a315b8144327.jpg\",\"datePublished\":\"2023-06-14T13:41:03+00:00\",\"dateModified\":\"2024-08-13T09:10:23+00:00\",\"description\":\"Critical SQL injection flaw found in MOVEit Transfer, affecting major organizations including Boots, BBC, and British 
Airways.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686746951709\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747137833\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747420326\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747503906\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686821268099\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/4fff2170-101b-4ed9-8248-a315b8144327.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/4fff2170-101b-4ed9-8248-a315b8144327.jpg\",\"width\":600,\"height\":576,\"caption\":\"MOVEit zero day vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability in MOVEit, File Sharing App, Exposes Corporate 
Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/cropped-original-logo-TC.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/cropped-original-logo-TC.png\",\"width\":951,\"height\":228,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\
/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686746951709\",\"position\":1,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686746951709\",\"name\":\"What is Zero-day vulnerability?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A zero-day vulnerability refers to a security flaw or weakness in software or hardware that is unknown to the developer. It is called \\\"zero-day\\\" because the vulnerability exists before the affected party becomes aware of it or has had a chance to fix it. As happened in the case of Progress Software, where the vulnerability in its MOVEit File Transfer was not known by the developers which was later exploited by the Russian-linked ransomware hackers Clop group.\u00a0 The hackers take advantage of the vulnerability to gain unauthorized access, compromise data, or perform malicious activities. 
Zero-day vulnerabilities are considered highly valuable to attackers as they offer an advantage due to the lack of available patches or security measures.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747137833\",\"position\":2,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747137833\",\"name\":\"What is MOVEit Tranfer?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"MOVEit is a file transfer software developed by Standard Networks which was later acquired by Ipswitch,Inc &amp; Progress Software in 2008. It provides secure encryption and utilizes reliable File Transfer Protocols for the seamless transfer of data. MOVEit offers advanced features like automation, analytics, and failover options. Companies across the world use this software to transfer their data securely. It is used by various sectors, including healthcare with clients like Rochester Hospital and Medibank. Additionally, MOVEit is widely adopted by IT departments in financial services, high technology, and government organizations.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747420326\",\"position\":3,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747420326\",\"name\":\"Who hacked MOVEit?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The hacking group behind the attacks on MOVEit Transfer is known as Clop. Clop group is a well-known cybercriminal gang believed to be of Russian origin. 
They have gained notoriety for their involvement in ransomware operations and running the Clop extortion site. They are also recognized in the industry by alternative names such as FIN11, DEV-0950, and TA505. Clop has specifically targeted organizations in North America and the UK, and they have been actively exploiting the zero-day vulnerability in MOVEit Transfer to gain control over affected systems.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747503906\",\"position\":4,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686747503906\",\"name\":\"What is Progress Software?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"American Software Company, Progress Software is a provider of different software tools and solutions for application development, integration, data connectivity, and digital experience. Its services helps companies to build and deploy applications, integrate systems and data, and enhance customer experiences.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686821268099\",\"position\":5,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/zero-day-vulnerability-in-moveit-file-sharing-application\\\/#faq-question-1686821268099\",\"name\":\"What is SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SQL injection is nothing but an attack technique taking advantage of the vulnerability in the web application database that allows submitting arbitrary SQL code in the database query without proper sanitation. 
During the attack, the hacker exploits these vulnerabilities by inserting malicious SQL code into the application's input fields and the application process it without any check. This lead to the execution of malicious SQL in the database server which gives unauthorized access, data manipulation, or even the complete compromise of the application and its underlying database.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MOVEit Transfer vulnerability exploited widely in North America|","description":"Critical SQL injection flaw found in MOVEit Transfer, affecting major organizations including Boots, BBC, and British Airways.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/","og_locale":"en_US","og_type":"article","og_title":"MOVEit Transfer vulnerability exploited widely in North America|","og_description":"Critical SQL injection flaw found in MOVEit Transfer, affecting major organizations including Boots, BBC, and British Airways.","og_url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2023-06-14T13:41:03+00:00","article_modified_time":"2024-08-13T09:10:23+00:00","og_image":[{"width":600,"height":576,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/4fff2170-101b-4ed9-8248-a315b8144327.jpg","type":"image\/jpeg"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. 
reading time":"25 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Vulnerability in MOVEit, File Sharing App, Exposes Corporate Data","datePublished":"2023-06-14T13:41:03+00:00","dateModified":"2024-08-13T09:10:23+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/"},"wordCount":2451,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/4fff2170-101b-4ed9-8248-a315b8144327.jpg","articleSection":["Cyber Attacks","Ransomware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#respond"]}]},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/","url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/","name":"MOVEit Transfer vulnerability exploited widely in North 
America|","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/4fff2170-101b-4ed9-8248-a315b8144327.jpg","datePublished":"2023-06-14T13:41:03+00:00","dateModified":"2024-08-13T09:10:23+00:00","description":"Critical SQL injection flaw found in MOVEit Transfer, affecting major organizations including Boots, BBC, and British Airways.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686746951709"},{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747137833"},{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747420326"},{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747503906"},{"@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686821268099"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/4fff2170-101b-4ed9-8248-a315b8144327.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/06\/4fff2170-101b-4ed9-8248-a315b8
144327.jpg","width":600,"height":576,"caption":"MOVEit zero day vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Vulnerability in MOVEit, File Sharing App, Exposes Corporate Data"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/cropped-original-logo-TC.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2022\/03\/cropped-original-logo-TC.png","width":951,"height":228,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/20
23\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686746951709","position":1,"url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686746951709","name":"What is a zero-day vulnerability?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A zero-day vulnerability refers to a security flaw or weakness in software or hardware that is unknown to the developer. It is called \"zero-day\" because the vulnerability exists before the affected party becomes aware of it or has had a chance to fix it. This is what happened in the case of Progress Software: the vulnerability in its MOVEit File Transfer was not known to the developers and was later exploited by the Russian-linked ransomware group Clop.\u00a0 The hackers take advantage of the vulnerability to gain unauthorized access, compromise data, or perform malicious activities. 
Zero-day vulnerabilities are considered highly valuable to attackers as they offer an advantage due to the lack of available patches or security measures.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747137833","position":2,"url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747137833","name":"What is MOVEit Transfer?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"MOVEit is file transfer software developed by Standard Networks, which was later acquired by Ipswitch, Inc & Progress Software in 2008. It provides secure encryption and utilizes reliable File Transfer Protocols for the seamless transfer of data. MOVEit offers advanced features like automation, analytics, and failover options. Companies across the world use this software to transfer their data securely. It is used by various sectors, including healthcare with clients like Rochester Hospital and Medibank. Additionally, MOVEit is widely adopted by IT departments in financial services, high technology, and government organizations.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747420326","position":3,"url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747420326","name":"Who hacked MOVEit?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The hacking group behind the attacks on MOVEit Transfer is known as Clop. The Clop group is a well-known cybercriminal gang believed to be of Russian origin. They have gained notoriety for their involvement in ransomware operations and running the Clop extortion site. They are also recognized in the industry by alternative names such as FIN11, DEV-0950, and TA505. 
Clop has specifically targeted organizations in North America and the UK, and they have been actively exploiting the zero-day vulnerability in MOVEit Transfer to gain control over affected systems.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747503906","position":4,"url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686747503906","name":"What is Progress Software?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Progress Software, an American software company, is a provider of different software tools and solutions for application development, integration, data connectivity, and digital experience. Its services help companies to build and deploy applications, integrate systems and data, and enhance customer experiences.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686821268099","position":5,"url":"https:\/\/threatcop.com\/blog\/zero-day-vulnerability-in-moveit-file-sharing-application\/#faq-question-1686821268099","name":"What is SQL injection?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"SQL injection is an attack technique that takes advantage of a vulnerability in the web application database that allows arbitrary SQL code to be submitted in the database query without proper sanitization. During the attack, the hacker exploits these vulnerabilities by inserting malicious SQL code into the application's input fields, and the application processes it without any check. 
This leads to the execution of malicious SQL on the database server, resulting in unauthorized access, data manipulation, or even the complete compromise of the application and its underlying database.","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/9111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=9111"}],"version-history":[{"count":24,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/9111\/revisions"}],"predecessor-version":[{"id":11749,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/9111\/revisions\/11749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/9120"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=9111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=9111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=9111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}