Data Thief Takes Advantage Of MOVEit File Transfer Software Vulnerabilities
JAKARTA - US security researchers revealed that hackers had stolen data from a system of MOVEit Transfer users, a popular file transfer tool. This happened on Thursday, June 1 one day after the software maker revealed a security vulnerability.
The software maker, Progress Software Corp, said after disclosing the vulnerability on Wednesday, May 31 that it could lead to unauthorized access to the user's system.
The software transfer of files managed by Burlington-based company, Massachusetts, allows the organization to transfer files and data between business partners and customers.
It is not clear which organization used this software or how many were affected by potential breaches. Information Officer Chief Ian Pitt declined to share the details, but said that Progress Software had provided improvements since they discovered the vulnerability in late May 28.
The cloud-based service owned by this software is also affected, Pitt told Reuters. "Until now, we haven't seen any exploitation of the cloud platform," he said.
Cybersecurity firm Rapid7 Inc and Mandiant Consulting - owned by Alphabet Inc's Google - said they had found a number of cases where the vulnerability had been exploited to steal data.
"The mass exploitation and data theft have been widespread in recent days," Charles Carmakal, head of technology from Mandiant Consulting, said in a statement.
"zero-day vulnerabilities, or previously unknown, in managed file transfer solutions have led to data theft, information leakage, extortion, and abuse of victims in the past," said Mandiant.
"Although Mandiant does not yet know the motivation of the threat perpetrators, the organization must prepare for potential extortion and the publication of stolen data," said Carmakal.
Rapid7 says they have seen an increase in the compromise case associated with the vulnerability since it was disclosed.
Progress Software has outlined steps that users at risk can take to mitigate the impact of the security vulnerability.
Pitt did not comment on who might have tried to steal the data by taking advantage of the vulnerability.
"We have no evidence that it was used to spread malware," he said.
Pitt said that the Transfer MOVEit was used by a "small-relative" number of subscribers compared to other software products that reached more than 20 customers.
"We have forensic partners involved and we are working with them to ensure that we have a growing understanding of this situation."