How Clop-MOVEit Hack Shows Evolution in Cyberattacks

[Undescribed Horrific Abuse, One Victim & Survivor of Many]

On 6/16/23, Gunnar Larson <g at xny.io> wrote:
> A criminal hacking group known as Clop has exploited a security flaw in a
> file transfer tool, stealing data from dozens of companies and
> organizations primarily in the US and Europe. The oil giant Shell Plc and
> IAG SA’s British Airways are among the victims, along with US government
> agencies, banks, manufacturing firms and universities. The hacking involves
> demands for ransom payments but doesn’t involve ransomware.
>
> How Clop-MOVEit Hack Shows Evolution in Cyberattacks
> https://www.bloomberg.com/news/articles/2023-06-16/how-clop-moveit-hack-shows-evolution-in-cyberattacks

This is the rest of the text before it asks me to make an account.
Contained links which did not survive copypaste. Doesn’t yet sound
particularly new.

MOVEit is a file-sharing software from Progress Software Corp., which
says it’s designed to enable “secure collaboration and automated file
transfers of sensitive data.” However, the hacking group Clop
discovered a previously unknown vulnerability in MOVEit and exploited
it to steal data from companies and organizations that were using the
tool. The US Cybersecurity & Infrastructure Security Agency warned on
June 1 that the security vulnerability could be exploited to “take
over an affected system.” Cybersecurity experts have so far identified
about 50 companies and organizations that have been victims of the
breach. The hackers claim there are many more. In a statement posted
on their dark web page last week, Clop invited victims to reach out
and negotiate. “We have information on hundreds of companies so our
discussion will work very simple,” the gang said, claiming it had
downloaded “a lot of your data as part of exceptional exploit.”