MOVEit vulnerability: the list of victims grows longer
![Image Report examines recent activities of Russian cybercriminals from [Sandworm]](https://incyber.org//wp-content/uploads/2024/04/incyber-news-cybersecurite-cybersecurity-attack-danger-2024-885x690.jpg)
![Image Europol Head of Operations discusses [dismantling of LockBit]](https://incyber.org//wp-content/uploads/2023/12/incyber-news-water-cybersecurite-cybersecurity-885x690.jpg)
Led by the Clop group, the hack of the managed file transfer software is 2023’s most significant cyber attack to date
On June 22, 2023, the cybercriminal organization Clop added a few scalps to its list of data theft victims, carrying the total to 49. Among the more famous ones: Sony, Norton LifeLock and consultancy firms EY and PWC. The hackers took advantage of a vulnerability in MOVEit, the managed file transfer software used by more than 3,000 major organizations around the world.
Most of the intrusions hit MOVEit via Zellis, an HR management software that is very popular in the UK and Ireland. On June 5, 2023, Clop thus launched a coordinated attack against a significant number of various organizations. The cybercriminal group is said to have been preparing this for two years, setting up shop in its victims’ computer systems and patiently waiting for the right time to strike.
The first victims reported bulky downloads and unexpected backups of their computer systems. The BBC, the Canadian province of Nova Scotia and British Airlines and Aer Lingus quickly caught the intrusion. Clop then posted a list of victim organizations, which was gradually updated. The cybercriminals demanded a ransom from each, threatening to publish the stolen data, some of which is rumored to be very sensitive.
Some entities, such as oil company Shell, Norton LifeLock, Ey and PWC, admitted they had been the victims of data theft. Others, like German manufacturer Heidelberg, and the French Synlab, recognized the intrusion but denied any data had been extracted.
In mid-June, 2023, Clop recognized obtaining confidential files tied to States such as the US, which it claims to have immediately destroyed. “We had many emails about government data, we do not have them anymore, we deleted all this information. We are only interested in business, anything tied to the government has been erased,” explained the collective on their website.
US, UK and European authorities have launched an investigation into the cybercriminal group. In particular, the FBI is offering a 10-million USD reward for any critical information on Clop and the attack against MOVEit.