
MOVEit Transfer Exploitation

By Detecteam | 2023-06-15 | 2023-06-20

TLP

TLP CLEAR

Author

Jordi Lobo

Summary

Exploitation of a critical zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer solution has been observed. The vulnerability enables remote attackers to gain unauthorized access to the database. Various organizations, particularly in North America, have been affected. The attacker’s behavior appears to be opportunistic rather than targeted. Progress Software has released patches that address this vulnerability and a second SQL injection flaw. Users of MOVEit Transfer are strongly advised to apply the patches immediately and follow emergency incident response procedures. Mitigation guidance, including patch details and indicators of compromise, is provided. Data exfiltration can be identified through MOVEit event logs. Resources for assessing exposure and detecting exploitation are available.

DATA

moveit.pcapng

TIMELINE

CATEGORY

Exfiltration

references

  • https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
  • https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
  • https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
  • https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34362
  • https://gist.github.com/JohnHammond/44ce8556f798b7f6a7574148b679c643

MITRE ATT&CK

  • T1041 - Exfiltration Over C2 Channel
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services