The MOVEit vulnerability continues to cause trouble for companies. In a major cybersecurity incident, the Russian-based hacker group known as Clop has targeted the MOVEit file transfer tool, developed by Progress Software. By exploiting a critical security vulnerability, the hackers have compromised the personal data of over 15.5 million individuals across various organizations worldwide.
On May 31, 2023, Progress Software discovered a vulnerability in MOVEit Transfer, which could result in escalated privileges and unauthorized access to the system. The exploit allowed the Clop hackers to gain entry into the tool, compromising the personal data of millions of individuals. The precise number of affected organizations is not yet known, but the scope of the breach continues to expand, with more victims coming to light.
MOVEit Vulnerability Targets and Impact
Clop has primarily targeted organizations in the United States and Canada, with at least seven universities and sixteen public sector entities confirmed as victims. However, the MOVEit vulnerability breach is not limited to these sectors alone. Clop claims to have compromised “hundreds” of organizations, suggesting that additional victims will likely emerge in the days and weeks ahead. The exact number of impacted organizations and individuals remains uncertain, although the list stood at more than 120 as of the beginning of July.
Who is affected?
If you are a user of MOVEit or have any association with a company or service that utilizes MOVEit, it is crucial to take immediate action to determine whether you or your data have been impacted by the recent security breach. The list of affected organizations continues to grow, encompassing a wide range of sectors and industries. To safeguard your personal information and ensure the security of your data, it is essential to proactively check if you have been affected by this cybersecurity incident.
Those affected by the Clop hacker group’s exploitation of the MOVEit vulnerability encompass a wide range of organizations, including both governmental and private entities. While some affected organizations have come forward, many more are expected that have yet to acknowledge a breach. Some notable organizations that have acknowledged being hit by the attack include:
- Allegiant Air
- British Airways
- City National Bank of Florida
- Department of Justice (Canada Agency)
- Department of Labour (Canada Agency)
- First Merchants Bank
- Maryland Department of Human Services
- Minnesota Department of Education
- Oak Ridge Associated Universities (Consortium of US universities)
- Oregon Department of Transportation
- Southern Illinois University
- Southern Utah University
- United States Department of Agriculture
- United States Office of Personnel Management
- University of California, Los Angeles
- Utah Tech University (US University)
Government Agencies Affected by MOVEit Vulnerability
The U.S. government has acknowledged that multiple federal agencies have fallen victim to cyberattacks that exploited the MOVEit Transfer vulnerability. However, the specific agencies affected have not been disclosed at this time. It is worth noting that around a dozen other U.S. agencies have active MOVEit contracts, including the Department of the Army, the Department of the Air Force, and the Food and Drug Administration.
As reported by TechCrunch, the Department of Energy announced that two of its entities were breached:
“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA) … The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach.”
Mitigation and Response
In response to this critical MOVEit vulnerability and subsequent security breach, MOVEit Transfer customers must take immediate action to protect their environments. Progress Software has likely released patches and updates to address the vulnerability, and customers should ensure they have installed the latest versions promptly. Additionally, affected organizations should consider conducting thorough security audits, reviewing access controls, and strengthening their overall cybersecurity posture to prevent future incidents.
Further Problems with MOVEit
In recent weeks, Progress has announced the discovery of a new MOVEit vulnerability and a subsequent patch. The vulnerability, identified as CVE-2023-35708, poses a significant risk because it can potentially lead to unauthorized access to customer environments, as Progress Software warned in its advisory.
The newly discovered vulnerability underscores the urgent need for MOVEit Transfer customers to take immediate action to protect their environments. The affected versions include those released before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).
Given the gravity of this vulnerability, MOVEit Transfer customers must take immediate action to safeguard their environments. It is imperative to update to the latest versions of the software provided by Progress, which include the necessary patches and fixes to mitigate the SQL injection vulnerability.
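As an added example (not code from Progress Software or from the original article), the Python sketch below checks an inventory of MOVEit Transfer version strings against the fixed builds listed above. The host names and inventory are constructed, and reporting unlisted branches as "unknown" is an assumption of this example.

```python
import re

# Fixed builds for CVE-2023-35708 as listed in the article, keyed by release branch.
FIXED = {(13, 0): 8, (13, 1): 6, (14, 0): 6, (14, 1): 7, (15, 0): 3}
# Release-year naming -> internal major number, taken from the pairs in the article.
YEAR_TO_MAJOR = {2021: 13, 2022: 14, 2023: 15}
OLDEST_FIXED = (13, 0, 8)

def parse_version(text):
    """Return (major, minor, patch) in internal numbering, or None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    if major >= 2000:                      # release-year form such as 2022.1.5
        major = YEAR_TO_MAJOR.get(major)
        if major is None:
            return None
    return (major, minor, patch)

def classify(text):
    """Return 'patched', 'affected' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "affected"
    if version < OLDEST_FIXED:
        # Branch older than any listed fix: released before 2021.0.8, so affected.
        return "affected"
    return "unknown"                       # branch the article does not list

def audit(inventory):
    """Map each host to its status; anything not 'patched' needs follow-up."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed inventory (hypothetical host names and versions).
SAMPLE = {
    "xfer-01": "2023.0.3",
    "xfer-02": "14.1.6",
    "xfer-03": "2021.0.7",
    "xfer-04": "12.1.10",
    "xfer-05": "15.1.0",
    "xfer-06": "fifteen",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "affected" or "unknown" should be checked against the current Progress advisory before being considered safe.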
The Clop hacker group’s successful exploitation of the MOVEit Transfer vulnerability has resulted in the compromise of millions of individuals’ personal data. The breach has affected various organizations, including universities, public sector entities, and potentially multiple U.S. government agencies. This incident highlights the critical importance of proactive cybersecurity measures, prompt vulnerability patching, and continuous security monitoring to safeguard sensitive information and mitigate the risks associated with emerging cyber threats. Dark Blue Technologies has expertise with cybersecurity and mitigating ransomware attacks. Contact us today or view our Cybersecurity offerings for more information.