Microsoft confirmed Clop ransomware gang responsible for MOVEit data-theft attacks

Pranav Bhardwaj

Cybersecurity Microsoft Azure Domain Fronting

In a recent revelation, it has come to light that hackers are taking advantage of a newly discovered vulnerability in MOVEit Transfer, a widely used file-transfer tool employed by enterprises for sharing large files online. Microsoft, in its investigation, has identified the Clop ransomware gang as the culprit behind the recent attacks that exploit a zero-day vulnerability in the MOVEit Transfer platform. Their objective has been to steal data from various organizations.

This vulnerability has enabled unauthorized access to the databases of affected MOVEit servers. Progress Software, the developer of MOVEit software, has already taken steps to address this issue by releasing several patches.

According to a tweet by the Microsoft Threat Intelligence team on Sunday night, the attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability have been attributed to Lace Tempest, a threat actor known for ransomware operations and operating the Clop extortion site.

MOVEit Transfer is a managed file transfer (MFT) solution that enables secure file transfers between enterprises, business partners, and customers through protocols like SFTP, SCP, and HTTP-based uploads.

The attacks, which are believed to have commenced on May 27th during the extended US Memorial Day holiday, have resulted in the theft of valuable data from numerous organizations.

To execute their malicious activities, the threat actors exploited the zero-day vulnerability in MOVEit Transfer to deploy specially crafted webshells on servers. These webshells allowed the hackers to obtain a list of files stored on the server, download files, and steal credentials and secrets associated with configured Azure Blob Storage containers.

The Clop ransomware operation has a history of targeting managed file transfer software, previously exploiting a GoAnywhere MFT zero-day in January 2023 and conducting zero-day attacks on Accellion FTA servers in 2020.

Authorities and affected organizations are actively working to mitigate the impact of these attacks and prevent further exploitation of the vulnerability. It is crucial for enterprises utilizing MOVEit Transfer to promptly apply the released patches and ensure the security of their systems to safeguard their valuable data.

Via: Bleeping Computer