The AOK and many of its offices nationwide use the software product MOVEit Transfer. The software is affected by the dangerous vulnerability CVE-2023-34362, which has not yet been classified. However, the BSI has assigned the vulnerability its second-highest internal warning level, Orange, and writes: “The BSI is monitoring the active exploitation of the vulnerability with confirmed data leakage.”
The manufacturer Progress announced as early as May 31, 2023 that a critical vulnerability had been found in its software product MOVEit Transfer. Exploitation of the vulnerability allows privilege escalation and unauthorized access to the file system. Progress has been providing a security patch since this weekend.
Security patch since this weekend
The patch is necessary, because the BSI (Federal Office for Information Security) itself writes in its warning that "the active exploitation of the vulnerability with confirmed data leakage is being observed". The BSI does not currently say whether one or more attackers are involved. It only seems clear that the data leak is not happening through malware.
The Federal Association of AOK issued a report almost immediately to provide information on the current situation. It states that several AOKs are affected by a security gap in data transmission software that is used by numerous companies in Germany and abroad. This gap enabled unauthorized access to the "MOVEit Transfer" application, which the AOKs use to exchange data with companies, service providers and the Federal Employment Agency. The AOKs Baden-Württemberg, Bavaria, Bremen/Bremerhaven, Hesse, Lower Saxony, Rhineland-Palatinate/Saarland, Saxony-Anhalt and PLUS as well as the AOK Federal Association are affected.
BSI observes a data leak
The AOK is currently checking whether the security gap has enabled access to the social data of insured persons. The AOK community is to be informed promptly as soon as new findings are available. The BSI, however, says it has already registered the data leak.
To be on the safe side, the AOK has disconnected all external connections based on the data exchange system. As a result, there are currently restrictions on data exchange between the affected AOKs and external partners. According to the AOK, intensive work is being done to restore the systems.
Apparently, many companies at home and abroad also use the file transfer software "MOVEit Transfer". There are said to have been further attacks in the USA. However, the attack on the IT service provider Bitmarck is said to have nothing to do with the MOVEit Transfer vulnerability. Experts from TrustedSec have evaluated the vulnerability and the background.