Clop ransomware gang claims to be behind the MOVEit hack

June 7, 2023

Security researchers have recently uncovered a concerning connection between the infamous Clop ransomware gang and a surge of large-scale hacks aimed at a widely used file transfer tool – MOVEit Transfer. As the dust settles, the initial victims of these cyberattacks are stepping forward, shedding light on the issue.

Last week, cybersecurity experts unveiled the exploitation of a recently discovered vulnerability in MOVEit Transfer, a prominent file-transfer tool utilised by numerous enterprises for seamless online file sharing.

This zero-day vulnerability allows hackers to gain illicit access to the databases of affected MOVEit servers, potentially compromising businesses’ sensitive data.

Clop ransomware claims the zero-day exploitation of MOVEit Transfer.

On their dark web leak site, the notorious ransomware gang known as Clop announced on Tuesday that they have successfully exploited the MOVEit flaw, enabling them to access sensitive information from hundreds of targeted companies.

In a statement, the Russian-speaking criminal group asserted their exclusive involvement in this exploit while assuring the victims that their stolen data remains secure. However, Clop issued an ultimatum, declaring their intention to publicly disclose the names of their victims commencing on June 14 unless contacted beforehand.

The cybercriminals stated that they have deliberately erased any data acquired from government, city, or police services, citing a lack of interest in exposing such information.

The Clop ransomware gang's claims of having exploited the MOVEit vulnerability are yet to be verified. However, earlier this year, the same criminal group targeted numerous victims using a vulnerability in a different file transfer application developed by Fortra.

Responding to this critical security issue, Progress Software, the developer of MOVEit Transfer, released a patch on June 2 to mitigate the risk. Security researchers reported detecting scanning activities associated with the vulnerability as early as March 3, with the scans originating from malicious sources.

Meanwhile, Microsoft security researchers have attributed the attacks to a group known as “Lace Tempest,” which they have identified as an affiliate of the Russia-linked Clop ransomware group. This connection parallels the group’s previous involvement in mass attacks exploiting vulnerabilities in Fortra’s GoAnywhere file transfer tool and Accellion’s file transfer application.

According to Microsoft, exploitation of the MOVEit vulnerability leads to data exfiltration, heightening concerns about the extent of the breach’s impact.

The magnitude of the MOVEit breach is expected to become clearer as more victims come forward.
