Security Advisory from Insightz: Urgent Action Recommended for Critical Vulnerability in MOVEit Transfer under Active Exploitation
Posted by Insightz Technology, 04-06-2023
Dear Insightz customer,
On May 31, 2023, Progress Software disclosed a critical vulnerability in the MOVEit Transfer web application used for file transfers. Exploiting this vulnerability can result in the deployment of a web shell, a malicious tool, and the unauthorized extraction of data. The vulnerability is being actively exploited and affects all versions of the software. At the time of this announcement, it has not yet been assigned a CVE number.
The vulnerability allows an unauthenticated remote attacker to escalate privileges and gain unauthorized access to the MOVEit Transfer database. Analysis from the VirusTotal service indicates that a post-exploitation web shell named "human2.aspx" was first uploaded on May 28, suggesting that the campaign has been active since at least that date. Notably, the observed web shells contain unique passwords for each victim, making it more challenging to detect them using file hash-based methods.
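Because per-victim passwords defeat hash matching, a name-based sweep of web server logs is one alternative. The following is an added example, not part of the Insightz or Progress guidance; it assumes IIS W3C extended logs, and the sample log lines and IP addresses are constructed.

```python
from collections import defaultdict

SHELL_NAME = "human2.aspx"  # web shell file name given in the advisory

# Constructed sample in IIS W3C extended log format; IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2023-05-27 23:58:01 GET /human.aspx 198.51.100.7 200
2023-05-28 02:15:40 GET /human2.aspx 203.0.113.21 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-05-29 11:03:17 203.0.113.21 POST /Human2.ASPX 200
2023-05-30 08:20:00 192.0.2.44 GET /sub/human2.aspx 200
2023-05-30 08:21:00 198.51.100.7 GET /human.aspx
"""

def find_shell_requests(log_text, name=SHELL_NAME):
    """Return {client_ip: [(date, time, method, uri_stem, status), ...]}."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order may change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row, skipped
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "")
        # Compare the file name case-insensitively; an exact match on the
        # name keeps similarly named pages out of the results.
        if stem.lower().rsplit("/", 1)[-1] == name.lower():
            hits[row.get("c-ip", "unknown")].append(
                (row.get("date", ""), row.get("time", ""),
                 row.get("cs-method", ""), stem, row.get("sc-status", "")))
    return dict(hits)

def first_seen(hits):
    """Earliest (date, time) across all hits, or None if there are none."""
    stamps = [(h[0], h[1]) for rows in hits.values() for h in rows]
    return min(stamps) if stamps else None

if __name__ == "__main__":
    found = find_shell_requests(SAMPLE_LOG)
    for ip, rows in found.items():
        print(ip, len(rows), "request(s)")
    print("first seen:", first_seen(found))
```

IIS writes these timestamps in UTC, so compare the first-seen value against the May 28 date accordingly.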
Recommended actions:
The researchers at Insightz advise customers to review the guidance provided by the vendor and apply any available patches in their respective environments. The Progress Software advisory includes mitigations for organizations that cannot immediately upgrade their systems.
Insightz' response:
The research team is currently investigating the feasibility of implementing countermeasures to detect and mitigate activity associated with this threat.
Questions:
If you have any questions or concerns regarding this advisory, please don't hesitate to contact our IOC (Intelligent Operations Centre).
Sincerely,
Insightz Support Team
References:
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response