After GoAnywhere, Clop cybercriminals attack MOVEit transfer software


MOVEit secure transfer software users, apply the emergency update! The group of cybercriminals Clop is indeed exploiting a vulnerability in this program discovered on May 31st. This gives this hacking a massive character, given the number of users of the program.

The gang has indeed confirmed with the Bleeping Computer site its involvement, indicating that it has been at work since Saturday, May 27. The publisher Microsoft had also attributed, in view of similar operating modes, the computer attack to these cybercriminals, called Lace Tempest in its nomenclature.

SQL Injection

Developed by Nasdaq-listed Progress Software, MOVEit is supposed to allow its users to share sensitive files “more easily and intuitively”. According to the publisher, which highlights computer security in its sales pitch, “thousands of organizations” use this software.

But, as the company just explained, the file transfer software’s web application was found to be vulnerable to a SQL injection attack. This allows an attacker to authenticate himself as one of the software users before then exfiltrating the data present on the account.

BBC hit

Progress Software recommends first cutting access, resetting user accounts before finally applying the patch. A few days ago, the US cybersecurity agency, CISA, also urged public federal organizations across the country to apply the update.

The Censys search engine had counted more than 3,800 servers using the service at the beginning of June, including around 40 in France. If we do not know which French organizations are concerned, we already know that the airline British Airways or the BBC use this transfer software.

GoAnywhere MFT

The British information service has thus warned its employees of the theft of personal data, such as their addresses, their dates of birth or their insurance numbers. Similarly, in Canada, information from residents of Nova Scotia, an undetermined number, has also been compromised.

Clop cybercriminals had already made headlines earlier this year with another mass hack also based on a file transfer tool, GoAnywhere MFT. They then claimed to have stolen data from more than 130 organizations in about ten days during this stealth attack exploiting an unknown vulnerability.



Source link -97