Clop Ransomware Gang Asserts It Hacked MOVEit Instances

The Clop ransomware-as-a-service gang said it’s the actor behind a spate of hacks taking advantage of a vulnerability in Progress Software’s MOVEit managed file transfer application.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

In a Tuesday posting on its dark web leak site, Clop said, in all caps, that it has used the MOVEit flaw to download information from hundreds of companies. “We download alot [sic] of your data as part of exceptional exploit. We are the only one who perform such attack and relax because your data is safe,” the Russian-speaking criminal gang wrote.

Clop’s assertion is not unexpected; Microsoft this week attributed the attacks to Clop affiliate FIN11, which the computing giant tracks as Lace Tempest (see: Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate).

Gang representatives reportedly took credit for the attacks Monday in communications with Bleeping Computer and a Reuters reporter.

Clop says it will begin posting the names of victims starting on June 14 unless it hears from them first. It also asserted that it erased data obtained from “government, city or police service” sources since “We have no interest to expose such information.”

Information Security Media Group could not independently verify Clop’s claims. The gang earlier this year used a vulnerability in another file transfer application…