MOVEit Transfer Exploited to Drop File-Stealing SQL Shell
released on 2023-06-07 @ 08:17:25 PM
SentinelOne has observed in-the-wild (ITW) exploitation of CVE-2023-34362, a vulnerability in the MOVEit file transfer server application. The attack delivers a Microsoft IIS .aspx payload that enables limited interaction between the affected web server and connected Azure blob storage. On June 5, the Cl0p ransomware group claimed responsibility for these attacks, though SentinelOne notes the targeting of a file transfer application vulnerability resembles other exploitation conducted by financially motivated actors throughout early 2023.