Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Mass-hack. Show all posts

Clop Attacks: More Organizations Confirm to have Fallen Prey to MOVEit Mass-hack


As the ongoing MOVEit hack is getting exposed, their seems to be some new names that have fallen prey to the attack. These organizations involve hotel chain Radisson, U.S. based 1st Source Bank, real estate giant Jones Lang LaSalle and Dutch GPS company TomTom.

Numerous victims have already fallen victim to the Clop ransomware gang, responsible for the widespread data raids that targeted corporate customers of Progress Software's MOVEit file-transfer program.

Radisson Hotels Americas

One of the recently known victim organizations is the Radisson Hotels Americas. The international hotel chain has more than 1,100 locations, which is now appearing on the Clop dark web leak sites following the attack.

Spokesperson, Moe Rama of Choice Hotels’ (which acquired Radisson Hotels Group in 2022), says that a “limited number of guest records were accessed by hackers exploiting the MOVEit Transfer vulnerability, but declined to say how many guests had been affected.”

Jones Lang LaSalle

Jones Lang LaSalle, the U.S. based real estate giant, also claims to have suffered a data breach as a result of the cyberattack. According to a source with the knowledge of the incidents informs that the company informed its employee about the attack via emails. The emails says that all the employee data had been compromised, except the Social Security numbers. Apparently, the data breach affected all of the organization’s 43,000 employees.

“We were notified by MOVEit of a previously unknown security vulnerability in their software. Our immediate investigation detected unauthorized access to a limited number of files; we contained the malicious activity and patched our systems per vendor-provided instructions,” said JLL spokesperson Allison Heraty.

“Our priority has been to communicate directly with those impacted as well as all relevant authorities, which we have done,” she added. One of the first MOVEit victims to be identified by Clop, 1st Source Bank, disclosed in a regulatory filing on Monday that hackers gained access to "sensitive client data of commercial and individual clients, including personally identifiable information."

In a statement, the bank says, “The company has notified and is working with its commercial clients so impacted and is in the process now of identifying and directly notifying individual clients who have been impacted.”

Uofl Health

After appearing on Clop's dark web leak site, UofL Health, an academic health system with headquarters in Kentucky, acknowledged that it had been the subject of the hacks. However, UofL Health did not confirm if data had been accessed.

“Recently, the United States government confirmed that multiple federal agencies had been affected by cyberattacks which exploited a security vulnerability in a popular file transfer tool called MOVEit[…]Unfortunately, a small number of UofL Health medical practices used this software to transfer files to third party vendors," said UofL Health spokesperson David McArthur. “Upon learning of this event, UofL Health immediately took action and is now working with a forensic IT agency to determine the scope of the matter. The security of normal operations at UofL Health hospitals, medical centers, and physician offices has not been jeopardized.”

TomTom

On Tuesday, Dutch navigation giant TomTom also confirmed to have been fallen victims of Clop. “We at TomTom were immediately aware of a data breach that occurred on our vendor’s platform, MOVEit, last month,” said TomTom spokesperson Ivo Bökkerink. “We have taken all necessary safety and security measures to protect the data, and we have informed the relevant authorities,” the company stated. However, it has not been made clear of what data (if any) was stolen.

Following the recent disclosure, several other companies came forward, confirming to have fallen prey to the Clop cyberattacks. Some of them include German investment bank Deutsche Bank, the University of Colorado, the University of Illinois, diagnostics company Realm IDX, and New York-based biopharmaceutical firm Bristol Myers Squibb.

Moreover, there are many other organizations that appeared on Clop’s dark web leak site. However, they did not provide any official statement over the issue. These companies include an electronics maker, a global technology company, a corporate travel management giant and a human resources software maker.

With this, MOVEit hackers have claimed almost 270 victims organizations as of yet, impacting no less than 17 million individuals, as per the latest report by Emsisoft threat analyst Brett Callow.