Clop Ransomware Gang Exploits Vulnerability in Progress MOVEit File-Transfer Service
The Clop ransomware gang has been exploiting a vulnerability in the Progress MOVEit file-transfer service since May 27, according to a representative of the cybercriminals. The Microsoft Threat Intelligence team had already recently identified this group as the possible attackers.
The first victims have been reported, and data has been stolen in these attacks. Clop has not yet started blackmailing victims, but this will happen if companies do not pay. The stolen data will be made public.
Supply Chain Casualties
British payroll and HR solutions provider Zellis is one of the companies that have been hit by the ransomware gang. This breach, a classic supply chain attack, has also affected the airlines Aer Lingus and British Airways.
MOVEit Service
The managed MOVEit file-transfer service is designed to provide secure and compliant exchange of files containing sensitive data. It can automate and manage complex workflows and provide insight into all file transfer activities in real time.
The exploited vulnerability, CVE-2023-34362, allows hackers to compromise a MOVEit Transfer instance with a crafted SQL injection. This gives them access to the database behind the instance, such as MySQL, Microsoft SQL or Azure SQL. The hackers can then view the structure and contents of that database.
A patch is now available to protect against this vulnerability.