View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Hackers exploit MOVEit file transfer vulnerability

Patches for the bug have now been released after researchers uncovered evidence of an increase in malicious activity.

By Claudia Glover

A critical vulnerability in file transfer system MOVEit Transfer is being actively exploited by hackers, who are using the bug to steal data from the software company’s customers. MOVEit is deployed widely across the public sector in the UK and the US, and users are being urged to take action to safeguard their networks.

Vulnerability actively exploited in file transfer service MOVEit Transfer. (Photo by

The vulnerability is under active exploitation according to research from security company Rapid7. Progress Software, which makes MOVEit Transfer, has released a series of patches to combat the problem.

Vulnerability in MOVEit Transfer exploited by hackers

MOVEit Transfer provides automated file transfers of sensitive information, and is widely used in the private sector and by government agencies.

Progress Software describes the exploit as an SQL injection flaw that allows for “escalated privileges and potential unauthorised access” on targeted systems.

The damage could be widespread. According to Rapid7, there had been 2,500 instances of MOVEit Transfer exposed online by the end of May. The majority of these seem to affect clients in the US, the security company said.

Researchers at another cybersecurity vendor, GreyNoise, observed scanning activity for the login page of MOVEit as early as 3 March. “While we have not observed activity directly related to exploitation, all of the five IPs we have observed attempting to discover the location of MOVEit installations were marked as ‘malicious’ by GreyNoise for prior activities,” relating to cybercrime, the company explains.

Tech Monitor has contacted Progress Software for comment, but speaking to Reuters, the company’s CIO Ian Pitt said it noted the vulnerability on 28 May and moved quickly to make patches available. Pitt said the problem also impacts the company’s cloud service, but that he is not aware of any exploits taking advantage of this.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

How MOVEit Transfer customers should respond

Based on this scanning activity, researchers at GreyNoise recommend that users of this transfer service should extend the time window for their review of potentially malicious activity to at least 90 days. 

Progress Software is urging customers using the file transfer service to “immediately” disable all HTTP and HTTPS traffic to their transfer environments and to moderate firewalls to deny such traffic to MOVEit Transfer ports.

Security researcher Kevin Beaumont believes the impact of the vulnerability could be significant, writing on Mastodon that the company has a “huge US footprint, including the US government”. Beaumont warned: “Everyone online is still vulnerable, this includes some big banks.”

The UK’s NHS has released an advisory through its NHS Digital platform posting mitigation advice. US cybersecurity agency CISA has also released a warning, urging customers of MOVEit Transfer to take immediate action. 

Read more: More Toyota driver data found online

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.