Following Cl0p's MOVEit vulnerability exploitation.
By Tim Nodar, CyberWire senior staff writer.
Jun 21, 2023

A large number of affected organizations, some claims by Cl0p, and a criticism of alleged irresponsible disclosure.


The Record by Recorded Future reports that there appear to be at least sixty-three organizations that were compromised by the Cl0p ransomware gang via the MOVEit vulnerabilities.

A partial update to the list of Cl0p's victims.

SecurityWeek says the group’s victims include Gen Digital, the U.S. Department of Energy, Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia government, British Airways, the British Broadcasting Company, Aer Lingus, U.K. drugstore chain Boots, University of Rochester, the Illinois Department of Innovation & Technology (DoIT), and the Minnesota Department of Education (MDE). Cyber Security Hub reports that PwC and Ernst & Young were also compromised.

Cl0p says it doesn't have some of the data people say it does.

Cl0p claims that it doesn’t have stolen data from the BBC, British Airways, and Boots, although the BBC notes that it’s entirely possible the group is lying. The gang also told BleepingComputer that it had deleted any data stolen from government entities. (How that claim comports with ransom demands received by government agencies is unclear.)

SOS Intelligence CEO Amir Hadžipasić told the BBC, “Clop has no real reason to say they don't have the data. If they are telling the truth then it makes me think that some other hackers may have got in and stolen the data before Clop and if Clop don't have the data then this situation is less predictable. The files are going to end up somewhere on the darkweb via another hacking group.”

Tweets allegedly revealed too much about MOVEit vulnerability.

Progress, which developed, sells, and maintains MOVEit, objected Sunday to tweets by a security researcher that represented, in the company's view, careless and irresponsible disclosure. "A third party publicly disclosed a vulnerability impacting MOVEit Transfer and MOVEit Cloud in a way that did not follow normal industry standards, and in doing so put our customers at increased risk of exploitation. Because it is common across the industry that reported vulnerabilities lead to increased attention from both malicious threat actors and cybersecurity researchers trying to uncover new vulnerabilities, we are working closely with our industry partners to take all appropriate steps to address any issues."