The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) today published a joint Cybersecurity Advisory (CSA) with recommended actions and mitigations to protect against and reduce impact from CL0P Ransomware Gang exploiting MOVEit vulnerability (CVE-2023-3436).
According to open-source information, CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer beginning in May 2023. Internet-facing MOVEit Transfer web applications were infected with a specific malware used by CL0P, which was then used to steal data from underlying MOVEit Transfer databases.
“CISA remains in close contact with Progress Software and our partners at the FBI to understand prevalence within federal agencies and critical infrastructure,” said CISA Executive Director for Cybersecurity Eric Goldstein. “Today’s joint advisory provides timely steps that organizations can take to protect against and reduce the impact of CL0P ransomware or other ransomware threat. CISA continues to work diligently to notify vulnerable organizations, urge swift remediation, and offer technical support where applicable. Potentially impacted organizations should reach out to CISA via cisa.gov/report or your regional cybersecurity representative.”
“The FBI, alongside our partners at CISA, works diligently to share information in a timely manner to enable organizations to better protect themselves from malicious cyber actors,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. “While the FBI remains steadfast in our efforts to combat the ransomware threat at large, this is not a fight we can win alone. We encourage our private sector partners to implement the recommended steps, and if you believe you’re a victim of suspicious cyber activity, to report the compromise to your local FBI field office and CISA.”
All organizations are encouraged to review the advisory and implement the recommended mitigations to reduce the likelihood and impact of CL0P and other ransomware incidents. Also, organizations are reminded to visit StopRansomware.gov which provides a range of free U.S. government resources and services that can help bolster cyber hygiene, cybersecurity posture and reduce risk to ransomware.
Read more at CISA