May 2023 · Threat Briefing

MOVEit zero-day fuels global supply-chain extortion

The Clop group weaponised a zero-day SQL injection in Progress MOVEit Transfer, exfiltrating sensitive files from managed file transfer servers worldwide before patches were available.

Victims faced parallel extortion demands and regulatory scrutiny as stolen data sets appeared across underground markets.

Prevention playbook:

  • Apply virtual patching via WAFs, temporarily disable HTTP access while a fix is pending, and monitor for unexpected archive downloads.
  • Encrypt data at rest, rotate credentials after any upgrade, and centralise logs for anomaly detection.
  • Demand SBOM transparency and patch SLAs from third-party software providers.
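The "monitor for unexpected archive downloads" and "centralise logs for anomaly detection" items above can be turned into a concrete detection. The following is an added example written for this briefing, not code from Progress or from the original page. It parses web-server access logs in Common Log Format (an assumption; MOVEit Transfer's own log layout is not described here), aggregates archive downloads per source address, and flags a source when the download is unauthenticated, falls outside assumed business hours, or crosses assumed count or byte thresholds. The sample log lines, IP addresses, file names and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (Common Log Format). These are not real
# MOVEit logs; the hosts, users and file names are invented for this example.
SAMPLE_LOG = """\
10.0.0.5 - alice [29/May/2023:09:14:02 +0000] "GET /files/report.pdf HTTP/1.1" 200 48213
10.0.0.5 - alice [29/May/2023:09:15:40 +0000] "GET /files/q1-invoices.zip HTTP/1.1" 200 1203311
203.0.113.77 - - [29/May/2023:02:31:09 +0000] "GET /files/payroll-export.7z HTTP/1.1" 200 98213004
203.0.113.77 - - [29/May/2023:02:32:15 +0000] "GET /files/hr-records.tar.gz HTTP/1.1" 200 45120330
203.0.113.77 - - [29/May/2023:02:33:50 +0000] "GET /files/contracts.zip HTTP/1.1" 200 77212100
10.0.0.9 - bob [29/May/2023:14:02:11 +0000] "POST /upload HTTP/1.1" 201 -
"""

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Extensions treated as "archive downloads" (assumed list; extend as needed).
ARCHIVE_EXT = (".zip", ".7z", ".rar", ".tar", ".tar.gz", ".tgz", ".gz")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def is_archive_download(rec):
    """A successful GET whose path ends in an archive extension."""
    return (
        rec["method"] == "GET"
        and rec["status"] == 200
        and rec["path"].lower().endswith(ARCHIVE_EXT)
    )


def find_unexpected_archive_downloads(
    log_text, business_hours=(8, 18), max_archives=3, max_bytes=100 * 1024 * 1024
):
    """Return {source_ip: summary} for sources whose archive downloads look unexpected.

    Assumed rules (tune to your environment):
      - "anonymous": download with no authenticated user in the log
      - "off-hours": download outside business_hours (UTC, half-open range)
      - "volume":    at least max_archives archives or at least max_bytes total
    """
    per_source = defaultdict(lambda: {"count": 0, "bytes": 0, "reasons": set(), "paths": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_archive_download(rec):
            continue
        s = per_source[rec["ip"]]
        s["count"] += 1
        s["bytes"] += rec["size"]
        s["paths"].append(rec["path"])
        if rec["user"] == "-":
            s["reasons"].add("anonymous")
        if not (business_hours[0] <= rec["ts"].hour < business_hours[1]):
            s["reasons"].add("off-hours")

    alerts = {}
    for ip, s in per_source.items():
        if s["count"] >= max_archives or s["bytes"] >= max_bytes:
            s["reasons"].add("volume")
        if s["reasons"]:
            alerts[ip] = {
                "count": s["count"],
                "bytes": s["bytes"],
                "reasons": sorted(s["reasons"]),
                "paths": s["paths"],
            }
    return alerts


if __name__ == "__main__":
    for ip, summary in find_unexpected_archive_downloads(SAMPLE_LOG).items():
        print(ip, summary["reasons"], summary["count"], "archives,", summary["bytes"], "bytes")
```

Run against the constructed sample, the authenticated daytime user who fetched a single small archive is left alone, while the unauthenticated source pulling three large archives at 02:00 UTC is reported with all three reasons. In a centralised logging pipeline the same per-source aggregation would run over a sliding time window rather than a whole file, and the thresholds would be set from a baseline of normal transfer volumes for the server.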