The following article was written by Drew Burton and Cynthia Wyre.
Rapid7 continues to track the impact of CVE-2023-34362, a critical zero-day vulnerability in Progress Software’s MOVEit Transfer solution. CVE-2023-34362 allows for SQL injection, which can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
Rapid7 is not currently seeing evidence that commodity or low-skill attackers are exploiting the vulnerability. However, the exploitation of available high-value targets globally across a wide range of org sizes, verticals, and geo-locations indicates that this is a widespread threat. We expect to see a longer list of victims come out as time goes on.
We’ve put together a timeline of events to date for your reference.
MOVEit Timeline
May 27-28: Rapid7 services teams have so far confirmed indicators of compromise and data exfiltration dating back to at least May 27 and May 28, 2023 (respectively).
May 31: Progress Software publishes an advisory on a critical SQL injection vulnerability in their MOVEit Transfer solution.
May 31: Rapid7 begins investigating exploitation of MOVEit Transfer.
June 1: Rapid7 publishes initial analysis of MOVEit Transfer attacks after responding to incidents across multiple customer environments.
June 1: The security community publishes technical details and indicators of compromise.
June 1: Compromises continue; Rapid7 responds to alerts.
June 1: CISA 34362 moveit vulnerability timeline events
