The UK’s Office of Communications (Ofcom) said it was breached by the Cl0p ransomware gang, adding the regulator to a growing list of organizations affected by the MOVEit bug.
The regulator said that attackers took confidential info about companies regulated by Ofcom and data on over 400 of its employees, the BBC reported.
Ofcom is a UK government-approved regulator for communications services, best known for overseeing the broadcasting, telecoms, and postal industries. BBC reports that attackers abused the MOVEit Transfer bug to breach Ofcom.
MOVEit Transfer is a managed file transfer software developed by US-based developer Ipswitch. The zero-day vulnerability affects MOVEit Transfer’s servers, allowing attackers to access and download the stored data.
MOVEit told Cybernews that the bug was patched within 48 hours, adding that it “has implemented a series of third-party validations to ensure the patch has corrected the exploit.”
However, researchers at security firm Huntress claim they uncovered additional vulnerabilities that attackers could exploit to attack victims.
The company reached out to us to clarify that the newly discovered bug has also been patched.
Who are Cl0p?
The list of affected MOVEit customers continues to grow as new supply-chain attacks come to light. For example, Zellis, a popular third-party payroll service provider, was also hacked by exploiting the MOVEit zero-day flaw, resulting in the BBC, British Airways, and retailer Boots losing their data to cybercrooks.
Last week, the Russia-linked gang said it had breached hundreds of companies. In an attempt to avoid attention from resourceful nation-state actors, Cl0p even tried to label themselves as a “friendly” ransomware syndicate by allegedly erasing the data they’ve stolen from governments and law enforcement agencies.
The Cl0p ransomware has been around since 2019 — a long time in the ever-changing ransomware landscape. The gang has also been at the forefront of the ransomware world, with estimated payouts reaching $500 million in November 2021.
In the same year, Ukrainian law enforcement dealt the gang a major blow, leading to several arrests and the dismantling of the gang’s server IT infrastructure. The arrests eventually forced it to shut down operations from November 2021 to February 2022. However, the gang has been steadily recovering since then.
Earlier this year, Cl0p made headlines after successfully exploiting a zero-day bug in another file transfer system, Fortra’s GoAnywhere. The gang breached numerous companies, including Shell, Hatch Bank, Bombardier, Stanford University, Rubrik, Saks Fifth Avenue, and many others.
Updated [June 13, 01:20 PM GMT], clarifying the second flaw has also been patched.
More from Cybernews:
Subscribe to our newsletter