We had barely had time to report how Microsoft linked the recent cyberattack on MOVEit Transfer to the Lace Tempest group, which has direct ties to the Clop hackers, when the latter stepped out of the shadows themselves and took responsibility for the attack.
A representative of the gang contacted American media and confirmed that the attack using the zero-day vulnerability that everyone has been talking about in recent days really is Clop's handiwork. The representative also confirmed that they began exploiting the vulnerability on May 27, during the Memorial Day holiday in the USA, as Mandiant researchers previously reported.
Attacking on holidays is a usual tactic for the Clop hackers: fewer of the organization's employees are at their workplaces, so they may not notice the attack, or may respond to it much worse than they would on a regular working day. For example, Clop exploited a similar zero-day vulnerability in Accellion FTA on December 23, 2020, right at the beginning of the Christmas holidays.
Although the hackers have not yet reported the number of organizations affected by the attack on MOVEit Transfer, they said that victims will soon appear on their data leak site if ransom negotiations do not end in the cybercriminals' favor. However, the representative confirmed that the active extortion stage has not yet begun. As we previously reported, the hackers are most likely still busy structuring the data and determining its value.
The representative of the extortion gang also made a very loud and interesting statement: the hackers allegedly deleted all data stolen from governments, the military and children's hospitals during the attack on MOVEit Transfer. It is not known whether the attackers are telling the truth, but if they care about their reputation, they will need to keep their word after such statements.
“I want to tell you right away that we are not going to attack the military and children’s hospitals, the government, etc., so their data was deleted,” Clop said.
In the meantime, affected victims, who have of course already learned that their data was compromised, are gradually making public statements about it. For example, Zellis, a British provider of payroll and personnel management solutions, confirmed that these attacks led to a data leak that also affected some of its customers.
As reported, the Zellis incident affected such large companies as British Airways, the BBC and the British pharmacy chain Boots. These companies did not fall into the hackers' clutches directly through the attack on MOVEit Transfer; however, since they were all Zellis clients, the attackers still got what they wanted.
Unfortunately, as we saw in previous Clop attacks on MFT platforms, the list of victims will only keep growing over time, so we will hear more loud statements about the compromise of large companies.