The Cl0p ransomware group exploited a zero-day SQL injection vulnerability in MOVEit Transfer, a widely used file transfer solution, affecting over 2,500 organizations worldwide, including government agencies, healthcare providers, and financial institutions.
The Attack Chain
Attackers exploited CVE-2023-34362 to deploy web shells on vulnerable MOVEit servers, enabling data exfiltration at massive scale. The vulnerability allowed unauthenticated access to the MOVEit database.