Risk & Repeat: More victims emerge from MoveIt Transfer flaw

A highly publicized, critical MoveIt Transfer vulnerability disclosed at the end of last month was used to breach several U.S. government federal agencies, CISA said last week.

Progress Software disclosed a vulnerability affecting its managed file transfer software, MoveIt Transfer, on May 31. The flaw, now tracked as CVE-2023-34362, is a critical SQL injection bug that has led to multiple waves of data breach disclosures in the weeks since the flaw came to light. Victims have included private sector organizations, as well as multiple U.S. states and, as CISA disclosed last Thursday, "several" U.S. federal agencies.

CISA confirmed initial reports of federal-level compromise in a conference call with the media last week. In the call, CISA Director Jen Easterly said her agency was providing support for the departments that suffered intrusions through their MoveIt Transfer instances. She added that, while CISA was responding to the threat urgently, the cyber agency was "not tracking any significant impacts to the federal civilian executive branch enterprise."

The unnamed federal agencies are just some of the latest organizations to disclose breaches stemming from the MoveIt Transfer flaw. Microsoft identified the primary actor behind MoveIt activity as an actor affiliated with the Clop ransomware gang known as Lace Tempest. Last week, Clop began publishing the names of affected organizations on its ransomware leak site.

On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the latest updates surrounding the MoveIt Transfer flaw, how this ransomware campaign compares to other similar attacks and why there may be a silver lining to this threat activity.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a writer, journalist and podcaster based in Boston.