Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Mandiant Said TTPs of Threat Group Behind Exploiting MOVEit Appear Similar to FIN11
Adversaries have taken advantage of a zero-day vulnerability in Progress Software's managed file transfer product to deploy web shells and steal data, Mandiant found. An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27.

actor critical data exploiting file file transfer flaw hackers injection managed managed file transfer mandiant moveit moveit transfer product progress shells software sql sql injection steal taken threat threat actor threat group ttps vulnerability web zero-day zero-day vulnerability