Cybersecurity Briefing — MOVEit Transfer zero-day exploited at scale

Progress Software issued an advisory on 31 May 2023 for CVE-2023-34362, a SQL injection vulnerability in MOVEit Transfer exploited in the wild for unauthorized file access. The flaw let attackers escalate privileges and steal data directly from customers’ managed file-transfer systems, turning a popular enterprise platform into a supply-chain breach vector.

Security firm and government reporting showed exploitation began prior to disclosure, with the Cl0p ransomware group leveraging automated webshell deployment across exposed MOVEit Transfer instances. CISA urged immediate patching and compromise assessment because stolen data could trigger regulatory notification obligations for regulated sectors.

Organizations running MOVEit Transfer need to apply the vendor hotfixes, rotate credentials, and review managed file-transfer architectures for segmented access, MFA enforcement, and centralized logging to contain future exploit attempts. Third-party risk teams should also confirm whether partners operated affected instances and whether downstream data-sharing contracts require incident disclosures.

• Progress Software advisory details affected versions, indicators of compromise, and patch availability.
• CISA alert confirms active exploitation and recommends credential rotation, network isolation, and log review for webshell artifacts.