Progress Software Has Critical Hacking Vulnerabilities

Several US federal government agencies have been hit in a global cyber attack by a Russian-linked cyber criminal gang, Cl0p, which is exploiting a vulnerability in the widely used Progress Software product MOVEit Transfer, according to the top US cyber security agency. Progress has confirmed the vulnerability in MOVEit Transfer; it can give an attacker escalated privileges and unauthorised access to the environment.

On June 15 the US Cybersecurity & Infrastructure Security Agency (CISA) said that a second Progress product had been exploited by “unattributed APT actors” to breach multiple US federal agencies. That product, Telerik UI for ASP.NET AJAX, comes from Telerik, a subsidiary that Progress acquired in 2014.

The advisory on the Telerik flaw follows CISA's confirmation that federal agencies had recently been breached through the MOVEit Transfer file-transfer tool by the Cl0p ransomware gang, as part of a wider campaign exploiting several vulnerabilities in that platform.

The Cl0p ransomware group is one of numerous gangs in Eastern Europe and Russia that are focused almost exclusively on extorting as much money as possible from their victims. “Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialisation vulnerability in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server... Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit,” the CISA advisory says. In practice that means checking the version of the Telerik.Web.UI.dll assembly deployed in each IIS application's bin folder against the 2020.1.114 threshold, since the affected component is a library bundled into individual web applications rather than a product patched on its own.

MOVEit Hacked

The same day, Progress confirmed that its widely used MOVEit Transfer software had been hacked. “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorised access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment,” said Progress in a statement.


Progress's key interim advice is to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 until a patch is available, which also limits exposure should further flaws surface. Blocking those ports takes the web interface and the HTTP-based APIs offline, so web-based transfer workflows will be unavailable until the patch is applied; SFTP and FTP/S access on their own ports is not affected by that step. The issue published by Progress is another SQL injection vulnerability in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to the MOVEit Transfer database.

By submitting a crafted payload to a MOVEit Transfer application endpoint, an attacker could disclose or modify the database content.
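The bug class behind this advisory, as an added illustration that is not MOVEit Transfer's code: a request parameter concatenated into SQL text lets one crafted value both dump a table and rewrite another account's row, while the parameterised form stores the same value harmlessly. The users table, its columns and the two hypothetical endpoints (lookup_user and set_email) are constructed for the example.

```python
"""SQL injection, vulnerable vs hardened, on an in-memory SQLite database.

Generic illustration of the bug class named in the advisory. This is NOT
MOVEit Transfer code: the table, columns and the two "endpoints"
(lookup_user / set_email) are invented for the example.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email, role) VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.test", "user"),
            ("bob", "bob@example.test", "user"),
            ("admin", "admin@example.test", "admin"),
        ],
    )
    conn.commit()
    return conn


# --- Vulnerable pattern: request input is concatenated into the SQL text ---

def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Read path: a quote in `username` closes the literal and extends the WHERE clause."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def set_email_vulnerable(conn: sqlite3.Connection, user_id: int, email: str) -> None:
    """Write path: the `email` value can extend the SET list and replace the WHERE clause."""
    sql = "UPDATE users SET email = '" + email + "' WHERE id = " + str(user_id)
    conn.execute(sql)
    conn.commit()


# --- Hardened pattern: placeholders pass input as data, never as SQL syntax ---

def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def set_email_safe(conn: sqlite3.Connection, user_id: int, email: str) -> None:
    conn.execute("UPDATE users SET email = ? WHERE id = ?", (email, user_id))
    conn.commit()


def row(conn: sqlite3.Connection, username: str) -> tuple:
    """Inspect one account's (email, role); parameterised as well."""
    return conn.execute(
        "SELECT email, role FROM users WHERE username = ?", (username,)
    ).fetchone()


def demo() -> dict:
    """Run both payloads through both code paths and return what each produced."""
    out = {}

    # Disclosure: a tautology turns a one-user lookup into a table dump.
    dump_payload = "nobody' OR '1'='1"
    conn = build_db()
    out["vuln_rows"] = len(lookup_user_vulnerable(conn, dump_payload))  # 3
    out["safe_rows"] = len(lookup_user_safe(conn, dump_payload))        # 0

    # Modification: a "change my email" request for id 1 (alice) whose value
    # adds `role = 'admin'` to the SET list, redirects the WHERE clause to bob,
    # and comments out the original WHERE with '--'.
    escalate_payload = "x', role = 'admin' WHERE username = 'bob' --"

    conn = build_db()
    set_email_vulnerable(conn, 1, escalate_payload)
    out["vuln_bob"] = row(conn, "bob")  # ('x', 'admin'): bob was promoted

    conn = build_db()
    set_email_safe(conn, 1, escalate_payload)
    out["safe_bob"] = row(conn, "bob")  # ('bob@example.test', 'user'): untouched
    out["safe_alice_email"] = row(conn, "alice")[0]  # payload stored as a literal
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The write-side payload is the point worth noticing: the attacker never needs a second statement, because the injected text lives inside the one UPDATE the application already runs, which is why "only one statement per request" style defences do not help and parameterisation (or an ORM that always parameterises) is the fix.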

Progress Software is encouraging MOVEit Transfer customers to take immediate action to help harden their MOVEit Transfer environments, noting that it is "extremely important" that users act as quickly as possible. "As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor," according to a press statement.

Energy Companies & Universities Targeted

Attacks exploiting MOVEit Transfer have so far affected a number of US government agencies alongside many other companies and organisations, including Oak Ridge Associated Universities, a not-for-profit research centre, and the Waste Isolation Pilot Plant, a nuclear waste disposal facility. Victims are now dealing with stolen data, disrupted systems and, in some cases, ransom demands.

The number of organisations exposed to these Progress vulnerabilities is expected to run into the hundreds. Although there is no indication yet that the newly disclosed vulnerability has been exploited, Progress says it is providing customers with information and guidance to help protect their environments and their own customers.

Sources: Progress, CISA, Dark Reading, CNN, Malwarebytes, The Stack, NCSC

