Cl0p’s cybercriminals definitely make the fun last. After having exploited an unknown vulnerability in the MOVEit secure transfer software since the end of May, the gang has been gradually listing its victims since mid-June, a way no doubt to continue to increase the pressure on its targets. .
A targeted health group
In addition to well-known companies, such as the oil giant Shell, two French companies are for the moment concerned by this massive piracy visibly carefully prepared. The gang had relied on a flaw in MOVEit, vulnerable to an SQL injection attack, to steal documents exchanged on this service.
As spotted by Numerama, a major provider of medical diagnostic services, Synlab, has thus fallen victim to hackers. The company, which has 400 medical analysis laboratories in France, had indicated in a press release published on June 8 that it was indeed concerned. The company used MOVEit to “exchange secure data flows with healthcare establishments”, she specifies.
American premium
But only four laboratories would have been targeted by the hack, “a very small number of patients, administrative personal data and old health data”, adds Synlab. “Nothing allows us to conclude that there has been any misuse or malicious use of the information collected”, continues the company. The second French company that would have been affected, according to the cybercriminals’ claims, is Cegedim. This specialist in business software intended for health and insurance professionals has not reacted for the moment.
If the cybercriminals of Cl0p claim on their site that they are not interested in government data – obviously a rather clumsy way of avoiding being too exposed to the response of a State -, the American administration has just report that his bounty program was also about this gang.
The United States is offering up to ten million dollars for any information leading to the identification of malicious hackers acting against American critical infrastructures.