The BBC, British Airways and the government of Nova Scotia have reportedly fallen victim to one of the largest global supply chain-related hacking attacks in recent times. According to an Associated Press report, US and UK cybersecurity officials have warned that a Russian cyber-extortionist gang's hack of a file transfer program popular among businesses could have widespread global impact. The affected companies are believed to span many industries, including healthcare, financial services, technology, manufacturing, insurance, government and more.
“This is possibly one of the most significant breaches in recent years,” Brett Callow, an analyst at the cybersecurity firm Emsisoft, told the AP. “We will get a better idea of how important it is as more details emerge about the number and type of organizations affected,” he added.
Who is the hacker
The Cl0p ransomware syndicate announced on its dark web site late Tuesday (June 6) that its victims — which it claims number in the hundreds — have until June 14 to get in touch to negotiate a ransom, or they risk sensitive stolen data being dumped online. Cl0p is one of the world’s most prolific cybercrime syndicates, and this isn’t the first time it has breached a file transfer program to gain access to data it could then use to extort companies. Other examples include GoAnywhere servers in early 2023 and Accellion File Transfer Application deficiencies in 2020 and 2021.
What is the software that has been hacked
The abused program, MOVEit, is widely used by companies to securely share files. MOVEit's parent company is US-based Progress Software. It alerted its customers to the breach on May 31 and released a patch. However, cybersecurity researchers fear that by then sensitive data from at least hundreds of companies may already have been quietly leaked. MOVEit software is especially popular in the US.
Researchers at security company SecurityScorecard detected 2,500 vulnerable MOVEit servers in 790 organizations, including 200 government agencies. However, it is not known how many of the vulnerable MOVEit servers have been hacked. The hackers are said to have been actively looking for targets, entering them and allegedly stealing data as early as March 29.
Large number of businesses affected
When asked to confirm the identities of several reported victims, a Cl0p spokesperson reportedly replied to an emailed question: “We have not yet examined the company files, as you can see on our site, we have companies the opportunity to determine their privacy before our actions.”
Zellis, a leading provider of payroll services in the UK serving British Airways, the BBC and hundreds of others, is one of the affected users. “We have notified colleagues whose personal information has been compromised to provide support and advice,” British Airways said in a statement.
The BBC said it was working with Zellis to determine the extent of the breach. The broadcaster said in an email sent to all UK employees and freelancers on Monday that details such as dates of birth, social security numbers and home addresses have been released. But it said the bank account details had apparently not been compromised and there was “no evidence that the data was misused”.
British drugstore chain Boots, which employs more than 50,000 people, also said it told staff about the hack.
US cybersecurity agency sounds the alarm
In a joint advisory issued on Wednesday, the US Cybersecurity and Infrastructure Security Agency and the FBI said Cl0p “is estimated” to have compromised more than 3,000 US-based organizations and 8,000 global organizations. “Due to the speed and ease (with which) this vulnerability has been exploited, and based on their previous campaigns, the FBI and CISA expect widespread exploitation of unpatched software services in both private and public networks,” the statement said.