The Clop Ransomware Gang Have Struck State, Federal Agencies And Hospitals

By: Denise Simon | Founders Code

It was several days ago that the first reports started to surface and as CISA/FBI issued warnings, the target list/victims continued to expand.

All attributions so far point to a Russian entity with a history of this and those attributions do not come from the federal government but rather from outside cyber expert companies across the country.

Clop ransomware gang starts extorting MOVEit data-theft victims

Source and expanded details

So, does anyone remember when President Biden gave a list of entities that were completely off-limits to cyber-attacks? Remember?

Well, it was exactly a year ago this month…

There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. This directive supersedes Homeland Security Presidential Directive 7.

Click here for the full description of the list. 

Meanwhile, the victims of this cyber-attack that are connected to MoveIT and CLOT include:

Reported by TechTarget:

Illinois, Minnesota and Missouri state governments are among a growing list of organizations attacked via a critical flaw in Progress Software’s MoveIT Transfer product.

Progress Software on May 31 detailed an SQL injection bug in its managed file transfer (MFT) software MoveIt Transfer. Progress urged customers to immediately apply mitigations for the vulnerability, tracked as CVE-2023-34362, while it worked on a patch, which was released later that day. But as security vendors reported soon after, the critical bug was already under active exploitation in the wild.

wave of organizations have disclosed data breaches in the wake of CVE-2023-34362 coming to light. Some of the early major names affected by the MoveIT flaw included the government of Nova Scotia, Canada; HR software provider Zellis; the BBC; British Airways; and British retailer Boots.

Several other organizations have disclosed compromises since that initial wave, including U.K. broadcast regulator Ofcom and networking vendor Extreme Networks. Multinational accounting firm Ernst and Young was also reportedly breached via the critical flaw. Ernst and Young did not reply to TechTarget Editorial’s request for comment, but the BBC said it received confirmation of a data breach from the firm.

Additionally, Johns Hopkins University Hospital got hit as well as British Airlines. 

CNN adds information to the report:

A Russian-speaking hacking group known as CLOP last week claimed credit for some of the hacks, which have also affected employees of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, among others.

The Russian hackers were the first to exploit the vulnerability, but experts say other groups may now have access to software code needed to conduct attacks.

The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web. As of Thursday morning, the dark website did not list any US federal agencies.

The episode shows the widespread impact that a single software flaw can have if exploited by skilled criminals.

The hackers – a well-known group whose favored malware emerged in 2019 – in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion.

Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

Share:

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *