The Clop ransomware gang says it is responsible for recent attacks via the vulnerability in Progress’ MOVEit file-transfer service. Victims have been affected through their supply chain.
According to a representative of the cybercriminals, the Clop ransomware gang has been exploiting the vulnerability in the file-transfer service since May 27. The Microsoft Threat Intelligence team had recently identified this hacker group as the possible attackers.
The first victims have reportedly already been hit, and data was stolen in these attacks. According to Clop, it has not yet started extorting victims, but intends to. If companies do not pay, the stolen data will be made public.
Supply chain victims
One company now affected by the ransomware gang is British payroll and HR solutions provider Zellis. Through this breach, a classic supply chain attack, airlines Aer Lingus and British Airways, for example, have also been affected.
MOVEit service
The affected MOVEit managed file-transfer service is designed to provide secure and compliant exchange of files containing sensitive data. To do so, the service can automate and manage complex workflows and provide visibility into all file-transfer activity in real time.
The exploited vulnerability, CVE-2023-34362, allows attackers to penetrate a MOVEit Transfer instance through SQL injection. This gives them access to the database in use, for example MySQL, Microsoft SQL or Azure SQL. The attackers can then access the structure and content of these databases.
Meanwhile, a patch is available.