CISA and FBI Issue Advisory on CL0P Ransomware Gang Exploiting MOVEit Vulnerability

June 7, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint Cybersecurity Advisory (CSA) detailing recommended actions and mitigations to protect against and reduce the impact of the CL0P Ransomware Gang exploiting the MOVEit vulnerability (CVE-2023-3436). The CL0P Ransomware Gang, also known as TA505, has been exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software's managed file transfer (MFT) solution called MOVEit Transfer since May 2023. This has led to the infection of internet-facing MOVEit Transfer web applications with specific malware used by CL0P, which was then used to steal data from the underlying MOVEit Transfer databases.

CISA Executive Director for Cybersecurity Eric Goldstein said, “CISA remains in close contact with Progress Software and our partners at the FBI to understand prevalence within federal agencies and critical infrastructure.” He added that the joint advisory provides timely steps for organizations to protect against and reduce the impact of CL0P ransomware or other ransomware threats. CISA is working to notify vulnerable organizations, urging swift remediation and offering technical support where applicable. Organizations that may be impacted should contact CISA via cisa.gov/report or their regional cybersecurity representative.

Bryan Vorndran, Assistant Director of the FBI's Cyber Division, emphasized the importance of collaboration between the FBI and CISA in sharing information to enable organizations to better protect themselves from malicious cyber actors. He also encouraged private sector partners to implement the recommended steps and report any suspicious cyber activity to their local FBI field office and CISA.

The advisory urges all organizations to review the information and implement the recommended mitigations to reduce the likelihood and impact of CL0P and other ransomware incidents. Organizations are also reminded to visit StopRansomware.gov, which offers a variety of free U.S. government resources and services that can help improve cyber hygiene, cybersecurity posture, and reduce the risk of ransomware. CISA, as the nation’s cyber defense agency and national coordinator for critical infrastructure security, leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure that Americans rely on every day. More information can be found at CISA.gov and by following CISA on Twitter, Facebook, LinkedIn, and Instagram.

Related News

• Major Companies Affected by MOVEit Zero-Day Attack
• Clop Ransomware Gang Linked to MOVEit Data-Theft Attacks by Microsoft
• CISA Adds Progress MOVEit Transfer Zero-Day to Known Exploited Vulnerabilities Catalog

Latest News

• Critical VMware vRealize Vulnerability Actively Exploited
• New Vulnerabilities Found in Wago Controllers and Schneider Electric Products
• Zyxel Addresses Critical Vulnerability in NAS Devices
• Asus Addresses Critical Security Flaws in WiFi Routers
• Western Digital Restricts Unpatched Devices From Accessing Cloud Services