The Fall of the Digital Fortress: The Story of the MOVEit Vulnerability That Shocked the World
The Clop group’s attack on the MOVEit Transfer software supply chain is rightfully considered one of the largest extortion campaigns.
The attack on the MOVEit Transfer file transfer system continues to cause damage, and the number of affected organizations is approaching 400. The Clop hacker group exploited a vulnerability in software from Progress Software to steal data from vulnerable networks. Those affected include large corporations and US government agencies, including the US Department of Energy, Shell, Deutsche Bank and PwC.
As of July 19, 383 organizations and over 20 million people have been compromised. The MOVEit incident has been compared to the well-known SolarWinds hack, though it is not as destructive. Losses are expected to be significant, including credit monitoring for millions of people and many lawsuits.
Zellis, a British provider of payroll and HR solutions, was one of the very first to confirm that it had suffered a data breach, which also affected some of its clients, including the BBC, British Airways and the pharmacy chain Boots.
It is worth recalling that the MOVEit Transfer MFT platform was hacked on May 27 through the zero-day vulnerability CVE-2023-34362. Once on MOVEit systems, the hackers managed to steal the data of hundreds of companies, not all of which reported the breach publicly. According to experts, the attack on the MOVEit Transfer service was being prepared as far back as 2021, when hackers probed possible ways to attack.
Key vulnerabilities in the software included the original SQL injection vulnerability (CVE-2023-34362), which was fixed the day after its discovery. This was followed by two more vulnerabilities discovered on June 9 and 15 (CVE-2023-35036 and CVE-2023-35708). In early July, three more vulnerabilities were discovered and fixed (CVE-2023-36934, CVE-2023-36932 and CVE-2023-36933).
According to Bitsight data, the affected organizations are successfully applying the fixes. In addition, supply chain attacks are believed to be increasingly attractive to hackers because of their scale. However, with this approach each attack can be used only once, after which the attackers have to look for new methods.