Skip to Main Content

Report

Observations on Progress Software’s MOVEit Transfer Solution Vulnerability

Click the download button above to read the rest of the report.

Arete has observed multiple instances of clients being affected by the high severity vulnerability in Progress Software’s MOVEit Transfer solution. On May 31st, Progress Software released an advisory giving public notification of the vulnerability.

The SQL injection flaw allows for privilege escalation by unauthorized actors, eventually leading to the mass download and exfiltration of victim data. As of May 31st, there are approximately 2500 instances of MOVEit Transfer solutions exposed to the internet. With a majority of the exposed MOVEit Transfer solutions located within the United States, the actors aimed to decrease the chances of detection by exploiting the flaw during Memorial Day weekend on Saturday, May 27th.

MOVEit Transfer is an automated file transfer software often used to transfer sensitive information. The impact across vulnerable solutions is currently unknown; however, Arete anticipates identified victims of the vulnerability to increase in the near term. While Arete has not made contact with the threat actor(s) behind these attacks or received any extortion demands, it is anticipated that demands will begin flowing in by the threat actor(s) to profit on the vulnerability they capitalized on.