Extreme Networks Hit by Clop MOVEit Attack

 

Extreme Networks has revealed that it has fallen victim to the rapidly evolving MOVEit cyber attack. As a consequence, customers who rely on the network hardware and services provided by Extreme Networks may face the potential threat of having their data compromised by the notorious Clop (aka Cl0p) cyber extortion group. 

A security flaw tracked as CVE-2023-34262 has been discovered in MOVEit Transfer, allowing attackers to exploit SQL injection vulnerabilities. The notorious cyber group known as Clop has been actively developing methods to exploit this vulnerability for a significant period. 

Clop has targeted multiple file transfer products, compromising them and leveraging them against their users. Zellis, a company specializing in HR and payroll software, has emerged as the most prominent target of Clop's recent wave of attacks. 

Following the detection of suspicious activity related to the CVE-2023-34262 exploit chain, LeMagIT reached out to Extreme Networks on Tuesday, June 6th. They discovered an instance of the affected managed file transfer service, MOVEit Transfer, linked to Extreme Networks' domain. The observed behavior of this instance raised concerns about a potential security breach.

Philip Swain, the Chief Information Security Officer (CISO) of Extreme Networks, acknowledged that their instance of the Progress Software MOVEit Transfer tool had experienced a security breach. Swiftly responding to the incident, they activated their security protocols and successfully contained the affected areas. 

Swain stated that their investigation into the matter is still in progress. In the event that customer information is found to be compromised, Extreme Networks will directly notify the affected customers and provide them with a comprehensive disclosure of all relevant details. 

Additionally, Israel-based threat intelligence firm Cybersixgill reported recent findings by its research team regarding dark web forums. They discovered several posts explicitly seeking data on victims based in the UK. One post even offered a substantial reward of up to $100,000. 

Notably, these requests specifically targeted customers of Zellis. Furthermore, Cybersixgill revealed that the threat actor responsible for the posts also claimed that the acquired data would be utilized by a specialized team focused on leveraging data sourced from the UK.