
Three Steps to Prevent a Cybersecurity Breach from MOVEit Exploit: SecurityScorecard’s investigation into Zellis breach uncovers 2,500 exposed MOVEit servers across 790 organizations

ID: 1869f9ea-a684-5a8f-8db7-3a439d3c73f3

STIX ID: report--1869f9ea-a684-5a8f-8db7-3a439d3c73f3

Feed Name: SecurityScorecard Blog

Threat Score: 85/100

Date Published: 2025-10-28

Date Updated: 2026-04-29


The report describes a MOVEit SQL injection exploit used to breach payroll provider Zellis, resulting in remote code execution and large-scale data exfiltration attributed to the Cl0p ransomware gang. SecurityScorecard used Attack Surface Intelligence and NetFlow to identify over 2,500 exposed MOVEit servers (across 790 organizations) and observed outbound transfers and web shell activity. It issues remediation guidance that includes removing vulnerable instances from the public Internet and restricting access.
