The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint Cybersecurity Advisory (CSA) detailing recommended actions and mitigations to protect against and reduce the impact of the CL0P Ransomware Gang exploiting the MOVEit vulnerability (CVE-2023-3436). The CL0P Ransomware Gang, also known as TA505, has been exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software's managed file transfer (MFT) solution called MOVEit Transfer since May 2023. This has led to the infection of internet-facing MOVEit Transfer web applications with specific malware used by CL0P, which was then used to steal data from the underlying MOVEit Transfer databases.
CISA Executive Director for Cybersecurity Eric Goldstein said, “CISA remains in close contact with Progress Software and our partners at the FBI to understand prevalence within federal agencies and critical infrastructure.” He added that the joint advisory provides timely steps for organizations to protect against and reduce the impact of CL0P ransomware or other ransomware threats. CISA is working to notify vulnerable organizations, urging swift remediation and offering technical support where applicable. Organizations that may be impacted should contact CISA via cisa.gov/report or their regional cybersecurity representative.
Bryan Vorndran, Assistant Director of the FBI's Cyber Division, emphasized the importance of collaboration between the FBI and CISA in sharing information to enable organizations to better protect themselves from malicious cyber actors. He also encouraged private sector partners to implement the recommended steps and report any suspicious cyber activity to their local FBI field office and CISA.
The advisory urges all organizations to review the information and implement the recommended mitigations to reduce the likelihood and impact of CL0P and other ransomware incidents. Organizations are also reminded to visit StopRansomware.gov, which offers a variety of free U.S. government resources and services that can help improve cyber hygiene, cybersecurity posture, and reduce the risk of ransomware. CISA, as the nation’s cyber defense agency and national coordinator for critical infrastructure security, leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure that Americans rely on every day. More information can be found at CISA.gov and by following CISA on Twitter, Facebook, LinkedIn, and Instagram.