IN SUMMARY
- The Cl0p ransomware gang claims to have breached Deloitte.
- Deloitte has refuted the claims made by the gang regarding the breach.
- The Cl0p ransomware gang is actively exploiting the MOVEit vulnerability.
- Deloitte is among the firms using the vulnerable MOVEit Transfer software.
The infamous Cl0p Ransomware has struck again, this time claiming to have targeted the multinational professional services network Deloitte. The ransomware gang, known for its high-profile attacks, claimed responsibility for breaching Deloitte’s infrastructure in a recent post on its dark web data breach blog. While Deloitte’s response refutes the claims, the incident highlights the ongoing risk posed by the MOVEit vulnerability.
Deloitte’s denial of the breach comes with a strong statement from the company’s Global spokesperson. In an exclusive response to Hackread.com, Deloitte stated that they found no evidence of any breach of client data during their analysis.
The company took immediate action upon discovering the zero-day vulnerability, applying security updates and mitigating actions as per the vendor’s guidance. Furthermore, Deloitte claimed that their global network’s use of the vulnerable MOVEit Transfer software is limited, and their analysis revealed no impact on client data.
“Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance. Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact on client data.”
Deloitte Global Spokesperson
The Cl0p Ransomware group has been on a hacking spree, exploiting the MOVEit vulnerability to target major companies worldwide. Previous victims include renowned names like the business consulting firm PwC, TD Ameritrade, Aon, Kirkland, and Ernst & Young, among others. The gang is now also notorious for using clearnet websites to publish stolen data from its victims.
MOVEit vulnerability
The MOVEit vulnerability is a critical security flaw in MOVEit Transfer, a managed file transfer (MFT) solution developed by Progress Software. It allows attackers to execute arbitrary SQL commands on the MOVEit Transfer server, which can be used to steal data, install malware, or take control of the server.
The vulnerability was first disclosed in May 2023, and Progress Software released a patch to address it on June 1. However, by that time, the vulnerability had already been exploited by the Cl0p ransomware group to target hundreds of organizations around the world.
As of July 2023, it is estimated that more than 200 organizations have been targeted in the MOVEit attacks. These organizations include government agencies, financial institutions, healthcare providers, and tech companies. The attacks have resulted in the theft of millions of personal and financial records, as well as the disruption of critical business operations.
The MOVEit vulnerability is a serious reminder of the importance of keeping software up to date with the latest security patches. Organizations that use MOVEit Transfer should immediately apply the patch that was released by Progress Software to protect themselves from attack.
MOVEit vulnerability facts
- The vulnerability is a SQL injection vulnerability, which means that attackers can inject malicious SQL code into the MOVEit Transfer server.
- The vulnerability affects all versions of MOVEit Transfer prior to 2023.2.1.
- The vulnerability can be exploited to steal data, install malware, or take control of the MOVEit Transfer server.
- The vulnerability was first disclosed in May 2023, and Progress Software released a patch to address it on June 1.
- As of July 2023, it is estimated that more than 200 organizations have been targeted in the MOVEit attacks.
Nevertheless, as the investigation into the Deloitte breach continues, the cybersecurity community and affected organizations remain vigilant, keeping a close eye on Cl0p Ransomware’s actions and fortifying their defences against potential vulnerabilities.