The Clop cybercriminal gang continues to claim new victims after a massive cyberattack caused by a vulnerability in file transfer software.
When will the list of victims of the Clop hacker collective end? The cybercriminal gang added the names of several major groups to its darknet site on June 22, 2023, with a total of 49 claimed victims as of June 23. Among the companies affected by this cyberattack are electronics and audiovisual giant Sony, as well as two auditing and consulting behemoths, PWC and Ernst & Young. Regarding the last two, a data theft has already been confirmed. No information on Sony has been disclosed at this time.
Other big names claimed by Clop include the BBC, Norton LifeLock, the airlines British Airways and Aer Lingus, the oil company Shell as well as a French laboratory, SYNLAB.
10 million dollars for information on these hackers
The attack began at the beginning of June, after the discovery of a flaw in the MOVEit file transfer software. The hackers were able to infiltrate the program and recover the files exchanged between professionals. Over 3,000 organizations use this software. The first targets noticed large downloads or unexpected backups on their system. Clop works like a ransomware group: the data is stolen and the criminals then demand an astronomical ransom so as not to release it on the web.
The scale of the attack is such that the FBI is now offering $10 million to anyone able to provide information on the Clop hackers. Cybercriminals have also indicated that they have information related to the US government, but said they deleted it to avoid any altercation with the highest state bodies. In vain.
Subscribe for free to Artificials, our AI newsletter, designed by AIs, verified by Numerama!