Hackers are actively exploiting a zero-day vulnerability in MOVEit, a popular file transfer tool used by numerous major companies. The vulnerability, discovered by BleepingComputer and confirmed by Rapid7, allows for escalated privileges and unauthorized access to the environment.
Progress Software, the creator of MOVEit, has published an advisory urging immediate action, including disabling HTTP and HTTPS traffic, to protect the affected environment. The company is currently testing patches and plans to release them as soon as possible.
Rapid7 reports that there are approximately 2,500 instances of MOVEit Transfer exposed to the public internet, with the majority located in the United States. Cybersecurity researcher Kevin Beaumont shared evidence of one instance connected to the U.S. Department of Homeland Security.
It is believed that hackers have already automated the exploitation of the vulnerability, and incidents of mass data downloads from affected companies have been reported.
This attack on MOVEit follows a series of similar incidents involving file transfer tools targeted by ransomware groups. In February, Fortra’s GoAnywhere MFT file-transfer product was exploited, impacting organizations like Procter & Gamble, Virgin, and Hitachi. The Cl0p gang, previously responsible for the Accellion file transfer tool attack in 2021, is believed to be behind the MOVEit exploitation as well.
These incidents highlight the ongoing risks faced by large organizations and emphasize the need for proactive cybersecurity measures to protect critical infrastructure and sensitive data.