Massive Data Breach: Over 400 Organizations Hit by CLOP Ransomware’s MOVEit Exploitation


CVE-2023-34362

The Russia-linked cybercriminal group known as ‘Clop’ exploited a SQL injection vulnerability in MOVEit Transfer, the managed file transfer product sold by Progress Software, in late May, stealing data at scale from unpatched, Internet-exposed MOVEit Transfer servers.

According to the German cybersecurity research firm KonBriefing, the MOVEit breach has affected 421 organizations and over 22 million individuals to date.

The perpetrators, infamous for deploying the CL0P ransomware, now possess a wealth of information that can potentially be employed for phishing and business email compromise (BEC) attacks.

The majority of MOVEit intrusions were recorded between May 30 and May 31, during which the CL0P group exploited a then-unpatched zero-day vulnerability in MOVEit Transfer, tracked as CVE-2023-34362.

Emsisoft threat analyst Brett Callow has highlighted the gravity of the incident: while he does not consider it on par with the SolarWinds attack, he calls it “one of the most significant hacks of recent years.”

Consequences for Affected Entities

The affected organizations include both those directly compromised and those harmed indirectly through a supplier. For instance, the UK-based payroll and HR firm Zellis was directly compromised, while large organizations relying on Zellis’ services, such as the BBC and British Airways, were affected indirectly.

Other affected entities include the US Department of Energy, various federal institutions, and large corporations such as Shell, Deutsche Bank, PwC, and TJX Companies. Retail brands owned by TJX such as Marshalls, HomeGoods, HomeSense, and Sierra also faced the repercussions.

Industrial corporation Emerson has confirmed being a victim of the MOVEit attacks but stated that no sensitive data affecting its business or customers was accessed, and that no IT infrastructure other than the system hosting the MOVEit software was impacted.

Other notable victims include Siemens Energy, Schneider Electric, and cybersecurity firm Netscout. The ransomware group continually updates the list of purported victims on its leak website.

Industrial giant Honeywell was added to the list after acknowledging, in a statement released in mid-June, that some personally identifiable information had been obtained through the MOVEit application.

Numerous German banks and the photo-sharing platform Shutterfly have also confirmed attacks.

Victim Count

The personal information compromised typically includes Social Security numbers. The number of individuals affected varies widely by organization, from Fidelity & Guaranty Life Insurance Co. with 873,000 victims down to Massachusetts Mutual Life Co., also known as MassMutual, with 242 victims.

CLOP has started leaking files from several companies that refused to pay. The hackers claim to have deleted all information stolen from the affected government entities.

The Wall Street Journal reports that Progress Software is currently facing at least 13 lawsuits claiming that the MOVEit vulnerability resulted from insufficient security measures.

Emsisoft voiced concerns about the considerable potential for misuse of the stolen data, stating, “Once it’s released online, it becomes available to the global community of cyber-miscreants to use in BEC schemes, identity fraud, etc.”

Massachusetts-based MOVEit vendor Progress Software patched the vulnerability on May 31 to prevent further breaches. The company stated that, to its knowledge, none of the additional MOVEit vulnerabilities it disclosed after May 31 has been actively exploited.

However, experts agree that it is too premature to gauge the full extent of the MOVEit data breaches. More victims are expected to surface in the weeks to come.

A list of IOCs is shared here.
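As an added example (not part of the original article, and not Progress Software's or any vendor's tooling), the following Python snippet scans IIS W3C log lines from a MOVEit Transfer host for two publicly documented indicators of the CVE-2023-34362 exploitation chain: requests to the `human2.aspx` web shell, which was named to blend in with the legitimate `human.aspx` page, and POST requests to `/moveitisapi/moveitisapi.dll` with `action=m2` in the query string. The log lines below are constructed for illustration; the `#Fields:` layout, the severity labels and the function names are assumptions.

```python
"""Scan IIS W3C logs from a MOVEit Transfer server for CVE-2023-34362
exploitation indicators. Added example; the sample log is constructed."""

# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
# The first three lines mimic the exploit chain; the last two are benign
# requests to legitimate MOVEit pages that must not be flagged.
SAMPLE_IIS_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-05-28 02:13:40 POST /guestaccess.aspx - 203.0.113.10 200
2023-05-28 02:13:55 POST /moveitisapi/moveitisapi.dll action=m2 203.0.113.10 200
2023-05-28 02:14:07 GET /human2.aspx - 203.0.113.10 200
2023-05-28 09:00:01 GET /human.aspx - 198.51.100.7 200
2023-05-28 09:00:02 GET /machine2.aspx - 198.51.100.7 200
"""


def parse_iis_lines(text):
    """Yield one dict per data line, keyed by the names in the #Fields header.
    Lines that do not match the declared field count are skipped."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue
        yield dict(zip(fields, parts))


def classify(rec):
    """Return (severity, reason) for a single request, or (None, None)."""
    stem = rec.get("cs-uri-stem", "").lower()
    query = rec.get("cs-uri-query", "-").lower()
    method = rec.get("cs-method", "").upper()
    # Exact file-name match: human.aspx and machine2.aspx are legitimate.
    if stem.endswith("/human2.aspx"):
        return "high", "request to human2.aspx web shell path"
    if (stem.endswith("/moveitisapi/moveitisapi.dll")
            and method == "POST" and "action=m2" in query):
        return "medium", "POST to moveitisapi.dll action=m2 (exploit chain step)"
    return None, None


def scan_iis_log(text):
    """Return a list of hits, in log order, with timestamp, client IP,
    severity and reason."""
    hits = []
    for rec in parse_iis_lines(text):
        severity, reason = classify(rec)
        if severity:
            hits.append({
                "time": f"{rec['date']} {rec['time']}",
                "ip": rec["c-ip"],
                "uri": rec["cs-uri-stem"],
                "severity": severity,
                "reason": reason,
            })
    return hits


def suspicious_ips(hits):
    """Client IPs that touched the web shell path; sorted for stable output."""
    return sorted({h["ip"] for h in hits if h["severity"] == "high"})


if __name__ == "__main__":
    found = scan_iis_log(SAMPLE_IIS_LOG)
    for h in found:
        print(f"{h['time']} {h['ip']} {h['severity'].upper():6} {h['uri']}  {h['reason']}")
    print("IPs to pivot on:", suspicious_ips(found))
```

Run it against the real IIS logs of the MOVEit Transfer host (typically under the `inetpub\logs\LogFiles` tree) by replacing `SAMPLE_IIS_LOG` with the file contents; a `human2.aspx` hit returning HTTP 200 is a strong sign the web shell was present, and the source IP gives a pivot for the rest of the investigation.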
