Hackers have been able to take advantage in a vulnerability in MOVEit Transfer, to launch an assortment of successful ransomware attacks on at least 140 different companies and organizations. Performed by the Russia-linked Clop ransomware gang, the attacks exploited a security flaw in the popular corporate file transfer tool, which has since been patched, according to TechCrunch. The gang itself claims the number of organizations that it compromised to be in the hundreds and has previously been associated with two other mass-attacks using vulnerabilities in file transfer tools.
While the exact scale of the compromised data is still unknown, with only 10 victims having confirmed the number of people affected, it’s already reached at least 15.5 million individuals, with millions more expected to be confirmed as additional victims provide updates. At the moment, in addition to numerous private organizations, various public organizations have been hit, including at least seven U.S. universities, and at least 16 U.S. public section organizations, including the U.S. Department of Health and Human Services, and two separate Department of Energy entities.
In response to this recent round of attacks, the U.S. State Department has offered a $10 million bounty for information on the Clop ransomware group.
Source:
https://techcrunch.com/2023/06/29/millions-affected-moveit-mass-hacks/
https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/
