Russian Cyber-Extortion Gang Cl0p Takes Responsibility for MOVEit Exploits: British Airways, BBC, and more Breached

U.S. and British cybersecurity officials have warned about a Russian cyber-extortion group’s recent hack of a popular file-transfer program used by many corporations. 

The breach, carried out by the Cl0p ransomware syndicate, has already affected organizations such as the BBC, British Airways, and the government of Nova Scotia. 

Experts believe this breach could have significant global consequences, and the true scale of the impact will become clearer as more details emerge.

Know more about the impact

As previously posted, the targeted program, MOVEit, is widely used by businesses for secure file sharing. The parent company of the software, Progress Software, informed its customers about the breach on May 31 and released a patch. 

However, cybersecurity researchers believe that many companies may have already had their sensitive data stolen by then, with potentially numerous organizations still unaware of the breach’s impact.

The affected organizations span various sectors, including healthcare, finance, technology, manufacturing, insurance, and government. 

More businesses are expected to disclose data theft as regulatory reporting requirements come into play. It is crucial to note that the full list of victims is yet to be confirmed by the Cl0p group, which has given organizations the option to protect their privacy before any actions are taken.

Who got impacted?

One impacted user is Zellis, a leading payroll services provider in the U.K. that serves British Airways, the BBC, and many others. Zellis reported that only a small number of its customers were affected. 

British Airways stated that it notified the affected individuals and provided support and advice. The BBC, with approximately 22,000 employees worldwide, is working with Zellis to determine the extent of the breach. 

While personal information such as birth dates, national insurance numbers, and home addresses was disclosed, there is no evidence of the data being exploited, and bank account details appear uncompromised.

Other impacted organizations include the following: 

  • Boots drugstore chain, with over 50,000 employees.
  • Nova Scotia’s government, which confirmed that residents’ data was exposed.
  • The University of Rochester, which also suggested it was a victim, although specific details were not disclosed.

Why MOVEit?

The significance of MOVEit lies in its usage by enterprise organizations that need a highly secure method to share sensitive data. This breach fuels the existing identity theft ecosystem, as the compromised data is of great value to cybercriminals. 

SecurityScorecard, a cybersecurity firm, identified 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. How many of those servers were actually hacked is still unknown.

“What’s disconcerting about MOVEit is that it’s almost exclusively used by enterprise organizations to share extremely sensitive data with each other,” said Jared Smith, a threat analyst with the cybersecurity firm SecurityScorecard.

Cl0p record

The Cl0p group has a history of targeting file-transfer programs to gain unauthorized access and extort companies. They previously breached 

In a joint advisory, the U.S. Cybersecurity and Infrastructure Security Agency and FBI estimated that Cl0p has compromised over 3,000 U.S.-based organizations and 8,000 global organizations. Given the group’s past campaigns, the agencies anticipate widespread exploitation of unpatched software services in both private and public networks.

Concluding thought: Should we trust indecent minds?

Cl0p claims not to target governments, cities, or police agencies. Still, cybersecurity experts are skeptical of this statement, considering the group’s financial motivations and tactics to avoid direct conflict with law enforcement. It is still being determined whether the group will honor its promise to delete data stolen from those targets. 

Author: PureVPN

Date: June 9, 2023
