The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI this week amplified CISA’s warning from last week about an SQL injection vulnerability in the MOVEit Transfer managed file transfer software.
In a June 1 alert, CISA flagged the vulnerability and said, “a cyber threat actor could exploit this vulnerability to take over an affected system.” The agency urged users and organizations to follow mitigation steps, apply updates, and hunt for malicious activity.
In a June 7 advisory, CISA and the FBI tied exploitation of the vulnerability to the CL0P Ransomware Gang and renewed the call for organizations to take steps to mitigate it.
“According to open-source information, CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer beginning in May 2023,” the agencies said.
“Internet-facing MOVEit Transfer web applications were infected with a specific malware used by CL0P, which was then used to steal data from underlying MOVEit Transfer databases,” they said.
CISA had flagged the alert that Progress Software issued on May 31.
“CISA remains in close contact with Progress Software and our partners at the FBI to understand prevalence within federal agencies and critical infrastructure,” said Eric Goldstein, CISA’s executive director for cybersecurity, in the June 7 advisory.
“Today’s joint advisory provides timely steps that organizations can take to protect against and reduce the impact of CL0P ransomware or other ransomware threat,” Goldstein said. “CISA continues to work diligently to notify vulnerable organizations, urge swift remediation, and offer technical support where applicable. Potentially impacted organizations should reach out to CISA via cisa.gov/report or your regional cybersecurity representative.”
“While the FBI remains steadfast in our efforts to combat the ransomware threat at large, this is not a fight we can win alone,” said Bryan Vorndran, assistant director of the FBI’s Cyber Division. “We encourage our private sector partners to implement the recommended steps, and if you believe you’re a victim of suspicious cyber activity, to report the compromise to your local FBI field office and CISA.”