Clop Ransomware Gang Asserts It Hacked MOVEit Instances – Source: www.databreachtoday.com

Source: www.databreachtoday.com

Fraud Management & Cybercrime, Governance & Risk Management, Patch Management

Russian-Speaking Extortion Operation Says It Will Start Listing Victims on June 14

David Perera (@daveperera) • June 6, 2023


The Clop ransomware-as-a-service gang said it is the actor behind a spate of hacks taking advantage of a vulnerability in Progress Software’s MOVEit managed file transfer application.

On Tuesday, Clop said on its dark web leak site, in all caps, that it has used the MOVEit flaw to download information from hundreds of companies. “We download alot of your data as part of exceptional exploit. We are the only one who perform such attack and relax because your data is safe,” the Russian-speaking criminal gang wrote in a misspelled post.

Clop’s assertion is not unexpected; Microsoft this week attributed the attacks to Clop affiliate FIN11, which the computing giant tracks as Lace Tempest (see: Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate).

Gang representatives reportedly took credit for the attacks Monday in communications with Bleeping Computer and a Reuters reporter.

Clop said it will begin posting the names of victims starting on June 14 unless it hears from them first. It also asserted that it had erased data obtained from “government, city or police service” sources since “We have no interest to expose such information.”

Information Security Media Group could not independently verify Clop’s claims. The gang earlier this year used a vulnerability in another file transfer application made by Fortra to attack dozens of victims.

Threat actors on May 27 began active exploitation of the MOVEit vulnerability, tracked as CVE-2023-34362. Progress Software released a patch on June 2.

Cybersecurity firm GreyNoise said it had detected scanning activity associated with the vulnerability as early as March 3. Internet protocol addresses performing the scans came from malicious sources, the firm added.

The MOVEit flaw is an SQL injection vulnerability that enabled hackers to access the server database. Mandiant said it is aware of “multiple cases where large volumes of files have been stolen.” Mandiant also warned that hackers may have stolen Azure system settings.

The list of known victims is, for the moment, short, but it includes British payroll provider Zellis. Firms affected through Zellis include airlines British Airways and Aer Lingus, as well as the BBC and U.K. drugstore chain Boots.

The government of Canadian province Nova Scotia acknowledged that MOVEit hackers had breached residents’ personal information. And the University of Rochester said Friday it is investigating a cybersecurity attack on its file transfer software. A university spokesperson didn’t immediately confirm that the software in question is MOVEit. A representative of Progress Software also did not immediately return a request for comment.

Original Post url: https://www.databreachtoday.com/clop-ransomware-gang-asserts-hacked-moveit-instances-a-22246
