Security News > 2023 > June > Microsoft links Clop ransomware gang to MOVEit data-theft attacks
Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations.
"Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site," the Microsoft Threat Intelligence team tweeted Sunday night.
The attacks are believed to have started on May 27th, over the long US Memorial Day holiday, with BleepingComputer aware of numerous organizations having data stolen during the attacks.
The Clop ransomware operation is known to target managed file transfer software, previously responsible for data-theft attacks using a GoAnywhere MFT zero-day in January 2023 and the zero-day exploitation of Accellion FTA servers in 2020.
The Clop gang is known to wait a few weeks after data theft before emailing company executives with their demands.
"We deliberately did not disclose your organization wanted to negotiate with you and your leadership first," reads a Clop ransom note sent during the GoAnywhere extortion attacks.
News URL
Related news
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Food giant WK Kellogg discloses data breach linked to Clop ransomware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- Ahold Delhaize confirms data theft after INC ransomware claims attack (source)
- Interlock ransomware gang pushes fake IT tools in ClickFix attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |