Microsoft pins MOVEit Transfer exploits on Cl0p


Microsoft says that recent attacks, which exploited the MOVEit Transfer 0-day vulnerability, were likely carried out by the Cl0p ransomware gang.

“Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site,” researchers said.

MOVEit Transfer is a managed file transfer software developed by US-based developer Ipswitch. The 0-day vulnerability affects MOVEit Transfer’s servers, allowing attackers to access and download the data stored there.


The bug has already impacted major companies via third-party attacks. For example, British Airways (BA) said an attack on its payroll provider Zellis impacted the company’s employees.

“We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident, which occurred via one of their third-party suppliers called MOVEit,” BA said in a statement.

The Russia-linked ransomware gang Cl0p supposedly confirmed Microsoft’s attribution of the exploit to Reuters’ Raphael Satter, saying that further victims will appear on the gang’s blog.

Earlier this year, Cl0p made headlines after successfully exploiting a zero-day bug in Fortra’s GoAnywhere. The gang breached numerous companies, including Shell, Hatch Bank, Bombardier, Stanford University, Rubrik, Saks Fifth Avenue, and many others.

“Microsoft strongly urges organizations affected by the CVE-2023-34362 MOVEit Transfer vulnerability to apply security patches and perform mitigation actions provided by Progress in their security advisory,” Microsoft's team said.

Cl0p ransomware has been around since 2019 — a long time in the ever-changing ransomware landscape. The gang has also been at the forefront of the ransomware world, with estimated payouts reaching $500 million in November 2021.

In the same year, Ukrainian law enforcement dealt the gang a major blow, leading to several arrests and the dismantling of the gang’s server infrastructure. The arrests eventually forced it to shut down operations from November 2021 to February 2022. However, the gang has been steadily recovering since then.
