Pelican Press, posted November 12

More data stolen in 2023 MOVEit attacks comes to light

Eighteen months after a major cyber incident in which hundreds of organisations were [hidden content] that exploited a zero-day SQL injection vulnerability in Progress Software’s MOVEit Transfer file transfer product, multiple new victims have come to light, including tech giant [hidden content], which has confirmed that data on more than two million of its employees has been leaked.

CVE-2023-34362 is a critical zero-day SQL injection vulnerability in the MOVEit Transfer tool, [hidden content], but unfortunately not before the Cl0p/Clop ransomware operation was able to use it to orchestrate a mass breach of organisations worldwide. Victims in the *** included the BBC, Boots and British Airways – all of which were compromised via payroll and human resources IT specialist Zellis.

This week, researchers at Hudson Rock [hidden content] affecting at least 25 organisations, orchestrated by an actor using the handle Nam3L3ss, who posted them to an underground cyber ********* forum in CSV format.

According to Hudson Rock’s Alon Gal, the data includes employee records from major companies including HP, HSBC, Lenovo, Omnicom, Urban Outfitters, British Telecom and McDonalds, but by some margin the biggest tranche of data – a total of over 2.8 million records – has come from [hidden content].

Gal said the dataset included contact information and data on organisational roles and departmental assignments within [hidden content], which could put employees at risk of social engineering and tailored phishing attacks.

“Hudson Rock researchers were able to verify the authenticity of the data by cross-referencing emails from the leaks to LinkedIn profiles of employees, and to emails found in infostealer infections where employees in the affected companies were involved,” wrote Gal.

In a statement circulated to media, [hidden content] senior PR manager Adam Montgomery confirmed the veracity of the breach.

“We were notified about a security event at one of our property management vendors that impacted several of its customers including [hidden content]. The only [hidden content] information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” said Montgomery.

“[hidden content] and AWS systems remain secure and we have not experienced a security event,” he said.

[hidden content] did not name the organisation through which it was affected.

Link to Cl0p?

In screenshots of posts made by Nam3L3ss, shared with Computer Weekly by researchers at [hidden content], the actor claimed they were neither a hacker nor affiliated with any ransomware group. They also said they did not buy or sell data, rather they monitored the dark web and other exposed services including AWS Buckets, Azure Blobs, MongoDB servers and the like.

“If a company or government agency is ******* enough not to encrypt its data during transfers or if an admin is too ******* or too lazy to password protect their online storage that is on them,” said Nam3L3ss.

“The world should know exactly what these companies and government agencies are leaking.”

[Image caption: Threat actor Nam3L3ss claims motivation behind data ***** is to hold governments and businesses accountable]

Whether or not Nam3L3ss has any link to the Cl0p ransomware gang is unclear and has not yet been confirmed. Despite their own assertions, statements made by threat actors should always be treated sceptically. Nam3L3ss could easily be an affiliate or associate of the gang, but it is equally possible that they came by the data via other means.

“The actor Nam3L3ss claims that they are not a hacker and that they are only sharing data that they have downloaded from other sources. As you can see from the statement that they shared on BreachForums on Tuesday November 12 2024, they claim to be motivated not by financial gain, but out of a ******* to hold governments and corporations accountable for protecting citizen data,” said Searchlight threat intelligence analyst Vlad Mironescu.

“One source of data that the actor commonly uses is information that has been posted on ransomware ***** sites. For example, a lot of the data Nam3L3ss shares, including this [hidden content] data, appears to come from victims of the MOVEit attacks from last year, which was orchestrated by the ransomware group Cl0p. Nam3L3ss doesn’t appear to be associated with Cl0p or any ransomware group but is simply resharing the data they have found.”

Mironescu continued: “It is true that the actor is not selling this data, they are posting it for free or for in-forum credits.
However, that does not mean there is no damage done; posting the data for free in BreachForums will put it into the hands of a large number of hackers who could use it for a wide variety of nefarious purposes.”

Dark web

Kevin Robertson, chief operating officer at [hidden content], said: “This ***** shows how data makes its way across the dark web, often reappearing in the news long after breaches took place and often in the hands of other attackers.

“The MOVEit breach dominated headlines last year after it impacted thousands of organisations and billions of people’s data. It was one of the first examples of a global supply chain ******* that got so large even its perpetrators, Cl0p, struggled to ingest the volume of data compromised.

“The ******* hasn’t had anywhere near the media coverage this year as it received last year, but this latest update shows that attackers are continuing to monetise from the data. Nam3L3ss is not thought to be a part of the initial MOVEit *******, but some of its data has landed in their hands, which provides evidence of how stolen data is marketed across the dark web,” he said.