Among them: government agencies in Nova Scotia (including the Health Authority, which uses MOVEit to exchange confidential and classified information), the University of Rochester, British Airways and the BBC, which reported the theft of employees’ personal information and that there were other Zellis customers among the victims – Irish airline Aer Lingus and the British pharmacy chain Boots.Ĭurrently, Clop has not yet begun to publish information stolen from companies. Some major Zellis customers have already made official statements about the hack. Zellis, a UK-based payroll and HR solution provider whose customers include Sky, Harrods, Jaguar, Land Rover, Dyson and Credit Suisse, was one of the first to confirm the breach and leak of customer data. Hackers told reporters this past weekend that the vulnerability allowed them to break into MOVEit Transfer servers owned by “hundreds of companies.” Although after that the media urged not to take the word of the hackers, unfortunately, some victims have already confirmed the fact of compromise. Since similar activity was performed manually in 2021, experts believe that the attackers knew about the bug for a long time, but were preparing the necessary tools to automate mass attacks. the report says.Īutomated malicious activity increased markedly on May 15, 2023, right before the start of massive attacks on the 0-day vulnerability. This indicates that the attackers were checking access to organizations and extracting information from MOVEit Transfer, likely using automated tools. Kroll observed activity related to the exploitation of a vulnerability in MOVEit Transfer that occurred on April 27, 2022, May 15-16, 2023, and May 22, 2023. Old vulnerabilityĪs experts from the information security company Kroll now report, it seems that hackers have been looking for ways to exploit the mentioned zero-day vulnerability long before the start of mass attacks, and more precisely since 2021. Among other things, this group is known for the fact that Clop ransomware operators leaked data from two universities. The week before, Microsoft analysts linked these attacks to the Clop ransomware hack group (aka Lace Tempest, TA505, FIN11, or DEV-0950). Attackers used the vulnerability to deploy custom web shells on affected servers, allowing them to list files stored on the server, download files, and steal Azure Blob Storage account credentials and secrets, including the AzureBlobStorageAccount, AzureBlobKey, and AzureBlobContainer settings. For example, exploitation of a vulnerability can lead to privilege escalation and give third parties unauthorized access to the MOVEit Transfer environment. The bug itself was a SQL injection that leads to remote code execution. All versions of MOVEit Transfer were affected by the problem, and it was reported that attacks on them began as early as May 27, 2023. What is MOVEit 0-day breach?Ī 0-day vulnerability ( CVE-2023-34362) in the MOVEit Transfer file transfer management solution became known in late May. Hackers say hundreds of companies have been compromised in recent attacks, with Irish airline Aer Lingus, British Airways, the BBC and British pharmacy chain Boots already confirmed the hack. According to security researchers, the Clop ransomware group has been looking for a way to exploit a vulnerability in MOVEit Transfer since 2021.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |