Cybercriminals may have known about the MOVEit Transfer zero-day since mid-2021

Managed file transfer (MFT) software is a crucial tool for organizations to securely transfer large or sensitive files. However, a recently patched zero-day vulnerability in MOVEit Transfer, a popular MFT software, has caused significant concerns among its users.

Widely exploited zero-day

CVE-2023-34362 is a zero-day vulnerability that affected MOVEit Transfer and was widely exploited from May 27, causing alarm bells to ring throughout the cybersecurity community. Although a patch was eventually released, the attackers managed to steal a significant amount of data by exploiting the vulnerability. The scope of the attack remains unclear, but it is believed that multiple organizations have been affected.

Early Exploitation

However, new evidence suggests that the attackers may have known about the vulnerability since at least mid-2021. Security researchers at risk and financial advisory services firm Kroll found significant evidence indicating that exploitation or testing of the vulnerability may have started much earlier than was believed.

Testing for access

Kroll discovered that testing of access to organizations occurred on a few occasions where the attackers appear to have automated the process. Activity consistent with MOVEit Transfer exploitation occurred on April 27th, May 15th-16th, and May 22nd, indicating that the actors were testing access to organizations. It is suspected that the testing was likely automated and involved extracting information from the MOVEit Transfer servers to identify which organizations were vulnerable.

Manual testing

In the attacks that occurred in July 2021, the attackers appeared to be conducting more manual testing based on the length of the activity. However, they seemed to have switched to automated tools in subsequent activity, which lasted only minutes or even seconds.

Cl0p ransomware group involvement

An analysis of the IP addresses involved in the previous attacks pointed to the Cl0p ransomware group as the probable source of the attacks. In a message posted on its website, the ransomware gang claimed to have exploited the MOVEit zero-day to steal files from “hundreds of companies”. The group instructed victims to get in touch by June 14 to prevent their data from being leaked.

Victims come forward

As the news of the zero-day vulnerability exploit spread, more victims have come forward. The Nova Scotia government has confirmed that it was among the affected organizations. In the UK, payroll company Zellis has also confirmed that its client data was stolen.

The significance of the findings

These findings highlight the significant planning and preparation that likely precedes mass exploitation events. Attackers invest time and effort in identifying potentially exploitable vulnerabilities in widely used software such as MOVEit Transfer. Even after the vulnerability has been patched, organizations still need to be vigilant, as attackers may still look for ways to exploit vulnerabilities in legacy systems.

To mitigate risks, organizations can continuously monitor their systems for any unusual activity, update their software regularly, and perform regular vulnerability assessments. It is also important to have incident response and business continuity plans in place in case of a security breach.

The recent MOVEit Transfer zero-day exploit underscores the criticality of vulnerability management and the impact that a single vulnerability can have on an organization. As cybercriminals continue to look for new ways to exploit vulnerabilities, cybersecurity teams must remain vigilant and proactive, regularly updating their systems and practices. By leveraging the correct tools, approaches, and mindset, organizations can create a comprehensive cybersecurity strategy that is effective against the latest cyber threats.

Explore more

Ethereum’s Fragile Recovery Faces Resistance and Low Demand

The Ethereum ecosystem is currently navigating a treacherous landscape where price action struggles to align with the technical milestones achieved during the most recent network upgrades. While the shift to a more scalable architecture was intended to invite a surge of institutional and retail capital, the reality in 2026 shows a market plagued by indecision and a noticeable lack of

macOS 28 Drops Support for Encrypted Mac OS Extended Volumes

The landscape of digital storage has shifted dramatically over the past decade, leaving legacy file systems struggling to keep pace with the rigorous security demands of modern computing environments. With the release of macOS 28, the long-standing compatibility for encrypted Mac OS Extended (HFS+) volumes has officially reached its end of life, signaling a definitive transition toward the more robust

CapCut Named 2026 Leader in AI Social Media Content Creation

The rapid evolution of generative artificial intelligence has fundamentally altered the digital landscape, shifting the burden of high-quality video production from specialized studios to the palm of every creator’s hand across the globe. By mid-2026, the demand for short-form content reached an all-time high, necessitating tools that could keep pace with the volatile trends of social media algorithms. CapCut emerged

How Will AI and RPA Shape Desktop Automation in 2026?

The integration of cognitive computing with traditional robotic process automation has fundamentally altered the way desktop environments operate across global industries today. No longer confined to the rigid, rule-based scripts of previous cycles, modern automation tools now serve as dynamic, goal-oriented assistants capable of navigating the intricacies of fragmented software landscapes. This shift has allowed organizations to bridge the significant

UiPath Navigates AI Pivot Amid Market Skepticism

The transition from legacy robotic process automation to a sophisticated, agent-centric architecture has forced enterprise software giants to fundamentally rethink their value propositions in an era defined by autonomous reasoning. This paradigm shift represents more than a mere software update; it is a complete structural overhaul that seeks to bridge the gap between simple task execution and complex cognitive decision-making.