Security News > 2023 > June > Microsoft links Clop ransomware gang to MOVEit data-theft attacks

Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations.
"Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site," the Microsoft Threat Intelligence team tweeted Sunday night.
The attacks are believed to have started on May 27th, over the long US Memorial Day holiday, with BleepingComputer aware of numerous organizations having data stolen during the attacks.
The Clop ransomware operation is known to target managed file transfer software, previously responsible for data-theft attacks using a GoAnywhere MFT zero-day in January 2023 and the zero-day exploitation of Accellion FTA servers in 2020.
The Clop gang is known to wait a few weeks after data theft before emailing company executives with their demands.
"We deliberately did not disclose your organization wanted to negotiate with you and your leadership first," reads a Clop ransom note sent during the GoAnywhere extortion attacks.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |