Cl0p announces rules for extortion negotiation after MOVEit hack
2023-06-08 10:51

The Cl0p cyber extortion crew says that the many organizations whose data it has pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with the group, or it will post their names on its dedicated leak page.

The province of Nova Scotia shared that "The personal information of many employees of Nova Scotia Health, the IWK Health Centre and the public service has been stolen in the MOVEit global cybersecurity breach."

"Over the last week, Censys has observed a drop in the number of hosts running exposed MOVEit Transfer instances from over 3k to just over 2.6k, indicating that some are potentially being taken offline," the company, which runs a web-based search platform for discovering Internet connected devices, said on Wednesday.

The advisory outlines the malicious tools and tactics used by the group, and contains indicators of compromise and detection rules organizations can use to check whether they have been compromised in these attacks and to clean affected systems, remove unwanted admin accounts, etc.

Progress Software, the company that develops and sells MOVEit Transfer and offers it as a cloud-based service, is constantly updating and revising its own security advisory to reflect new discoveries related to the attacks.

Huntress researchers have recreated and demonstrated the attack chain exploiting MOVEit Transfer software.


News URL

https://www.helpnetsecurity.com/2023/06/08/cl0p-extortion-moveit/