progress-asia-moveit

The application development and infrastructure software company in the Boston region alerted users to a significant SQL injection vulnerability in MOVEit Transfer that allows attackers to escalate their privileges and gain access to target systems without authorization.

Researchers at Mandiant, Rapid7, and other companies claimed to have observed widespread data theft and mass exploitation linked to the vulnerability.

Any company using MOVEit should perform a forensic analysis to see if the system has previously been breached and whether any data has been stolen.

Organisations should be ready for future extortion and publishing of the stolen material, even though Mandiant does not yet know the motivation of the threat actor.

Source: https://www.govinfosecurity.com/hackers-exploit-progress-moveit-file-transfer-vulnerability-a-22211

TPRM report: https://scoringcyber.rankiteo.com/company/progress-asia-moveit

"id": "pro12124623",
"linkid": "progress-asia-moveit",
"type": "Vulnerability",
"date": "06/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Application Development and '
                                    'Infrastructure Software',
                        'location': 'Boston region',
                        'name': 'MOVEit Transfer users',
                        'type': 'Organizations'}],
 'attack_vector': 'SQL Injection Vulnerability',
 'customer_advisories': 'Organizations should be ready for future extortion '
                        'and publishing of stolen material.',
 'data_breach': {'data_exfiltration': 'Widespread data theft observed'},
 'description': 'A significant SQL injection vulnerability in MOVEit Transfer '
                'allowed attackers to escalate privileges and gain '
                'unauthorized access to target systems. Widespread data theft '
                'and mass exploitation have been observed.',
 'impact': {'data_compromised': 'Potential data theft',
            'systems_affected': 'MOVEit Transfer systems'},
 'initial_access_broker': {'entry_point': 'SQL Injection Vulnerability'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Organizations should perform forensic analysis to '
                    'determine if their systems have been breached and prepare '
                    'for future extortion attempts.',
 'motivation': ['Extortion', 'Data Theft'],
 'post_incident_analysis': {'corrective_actions': 'Perform forensic analysis '
                                                  'to check for breaches and '
                                                  'data theft.',
                            'root_causes': 'SQL Injection Vulnerability in '
                                           'MOVEit Transfer'},
 'ransomware': {'data_exfiltration': 'Widespread data theft observed'},
 'recommendations': 'Organizations using MOVEit Transfer should perform a '
                    'forensic analysis to check for breaches and data theft.',
 'references': [{'source': 'Mandiant'}, {'source': 'Rapid7'}],
 'response': {'third_party_assistance': ['Mandiant', 'Rapid7']},
 'title': 'MOVEit Transfer SQL Injection Vulnerability',
 'type': 'SQL Injection',
 'vulnerability_exploited': 'SQL Injection Vulnerability in MOVEit Transfer'}