MENAFN16062023000231011071ID1106445987
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the…
The number of victims targeted by the Clop ransomware gang’s targeting of a critical vulnerability in Progress Software Corp.’s MOVEit file transfer software continues to grow, with the revelation today that the victims now include several U.S. government agencies.
Although a full list of agencies targeted was not disclosed by Cybersecurity & Infrastructure Agency officials who spoke to various media outlets, later reports suggest that the Department of Energy was one of those targeted.
Federal News Network, citing multiple sources, claims that Oak Ridge Associated Universities and the DOE’s Waste Isolation Pilot Plant near Carlsbad, New Mexico, experienced data breaches involving the MOVEit vulnerability. The DOE confirmed the report, although it noted that it did not affect agency data.
“The U.S. Department of Energy takes cybersecurity and the responsibility to protect its data very seriously,” a DOE spokesperson said. “Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency.”
However, the DOE may be the tip of the iceberg as more and more victims continue to come to light. Since a report last week detailing victims, including the BBC, British Airways Plc and the pharmacy chain Boots UK Ltd., had been targeted through a MOVEit attack on payroll company Zellis UK Ltd., the list of victims has grown.
Bleeping Computer reported that Clop has listed thirteen companies and organizations on its dark web leaks site. Several of those listed have since confirmed that they have been victims: Shell Plc, UnitedHealthcare Student Resources, the University of Georgia, the University System of Georgia, Heidelberger Druckmaschinen AG and Landal Greenparks.
Clop is also reportedly demanding that victims pay a ransom, or they will start publishing stolen data on June 21.
MOVEit is managed file transfer software designed to provide secure and compliant file transfers for sensitive data within and between organizations. The vulnerability, officially…
Clop, the ransomware gang responsible for exploiting a critical security vulnerability in a popular corporate file transfer tool, has begun listing victims of the mass-hacks, including a number of U.S. banks and universities.
The Russia-linked ransomware gang has been exploiting the security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet, since late May. Progress Software, which develops the MOVEit software, patched the vulnerability — but not before hackers compromised a number of its customers.
While the exact number of victims remains unknown, Clop on Wednesday listed the first batch of organizations it says it hacked by exploiting the MOVEit flaw. The victim list, which was posted to Clop’s dark web leak site, includes U.S.-based financial services organizations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and the U.K.-based energy giant Shell.
GreenShield Canada, a non-profit benefits carrier that provides health and dental benefits, was listed on the leak site but has since been removed.
Other victims listed include financial software provider Datasite; educational non-profit National Student Clearinghouse; student health insurance provider United Healthcare Student Resources; American manufacturer Leggett & Platt; Swiss insurance company ÖKK; and the University System of Georgia (USG).
A USG spokesperson, who did not provide their name, told TechCrunch that the university is “evaluating the scope and severity of this potential data exposure. If necessary, consistent with federal and state law, notifications will be issued to any individuals affected.”
Florian Pitzinger, a spokesperson for German mechanical engineering company Heidelberg, which Clop listed as a victim, told TechCrunch in a statement that the company is “well aware of its mentioning on the Tor website of Clop and the incident connected to a supplier software.” The spokesperson added that the “incident occurred a few weeks ago, was countered fast and effectively and based on our analysis did not lead to any data breach.”
None of…
Progress Software has released another round of patches for its MOVEit products after researchers discovered new vulnerabilities while analyzing the recent zero-day. The news comes just as more organizations hit by the zero-day attack have come forward.
The zero-day affecting the MOVEit Transfer and Cloud managed file transfer (MFT) software, tracked as CVE-2023-34362 and described as an SQL injection issue, has been exploited to steal data from organizations that have been using the product. The flaw started being widely exploited in late May, but new evidence suggests that cybercriminals have been testing it since as early as 2021.
The attacks were conducted by a cybercrime group known for the Cl0p ransomware operation. The hackers claim to have hit hundreds of organizations, giving them until June 14 to get in touch in order to prevent data stolen from their systems from getting leaked.
In a new advisory published on Friday, Progress informed customers that it has released patches for new vulnerabilities discovered by cybersecurity firm Huntress, whose researchers have been monitoring attacks involving exploitation of CVE-2023-34362.
The vendor said the new flaws “could potentially be used by a bad actor to stage an exploit”, but noted that currently there is no evidence that they have been exploited in the wild. Both MOVEit Transfer and MOVEit Cloud products are again impacted.
Huntress has described its findings as “further attack vectors” discovered during its analysis.
CVE-2023-35036 has been assigned to the new vulnerabilities, which have also been described as SQL injection bugs that can be exploited by an unauthenticated attacker to access MOVEit databases.
At least 100 organizations have been reportedly hit by attacks exploiting the MOVEit zero-day, but the number of victims could be much higher considering that there are as many as 3,000 internet-exposed systems.
One of the first victims to come forward was UK-based payroll and HR company Zellis. Several major companies using Zellis services were hit, including the airlines British Airways and Aer Lingus, the BBC, and pharmacy chain Boots.
The…