The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), released a joint Cybersecurity Advisory (CSA) that ransomware gang CL0P, also known as TA505, has been exploiting a previously unknown SQL injection vulnerability in Progress Software’s managed file transfer (MFT) solution called MOVEit Transfer.
Why it matters: The FBI and CISA are recommending organizations implement suggested mitigations to improve their organization’s security posture in response to threat actors’ activity.
- The CL0P Ransomware gang infected internet-facing MOVEit Transfer web applications with a web shell named LEMURLOOT, which allowed them to steal data from the underlying MOVEit Transfer databases.
- The ransomware gang, in a communication published on their data leak platform, directs victims to initiate contact and engage in payment negotiations by June 14, 2023, warning that failure to comply will result in the public exposure of their data.
- According to a report by cybersecurity firm SentinelOne, organizations from various sectors, such as aviation, transportation, logistics, entertainment, financial services, insurance, healthcare, pharmaceuticals, manufacturing, mechanical engineering, media, technology, utilities, and public services, have been targeted and attacked.