
IBM MOVEit Hack Exposes Data of 4 Million US Citizens

 

Millions of Americans had their private medical and health information stolen after attackers hacked into systems operated by tech giant IBM and exploited a zero-day flaw in the widely used MOVEit file transfer software. 

The MOVEit mass hacks exposed the data of more than 4 million patients, according to the Colorado Department of Health Care Policy and Financing (HCPF), which oversees Colorado's Medicaid programme.

In a notification of a data breach sent to people impacted, Colorado's HCPF stated that IBM, one of the state's vendors, "uses the MOVEit application to move HCPF data files in the normal course of business." 

While the Colorado state government or HCPF systems were unaffected by this problem, the letter claims that "certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorised actor." 

These files contain the full names, birth dates, residences, Social Security numbers, Medicaid and Medicare ID numbers, information on income, clinical and medical data (such as lab results and medication information), and information on health insurance for the patients. 

HCPF said the breach affected nearly 4.1 million people. IBM, however, has not yet publicly disclosed that it was impacted by the MOVEit mass attacks.

The Department of Social Services (DSS) in Missouri was also affected by the IBM MOVEit system breach. However, the exact number of victims is unknown at the moment. Missouri state is home to more than 6 million people. 

Missouri's DSS stated in a data breach notification posted last week: "IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians. The data vulnerability did not directly affect any DSS systems, but it did affect DSS data." 

According to DSS, the data accessed may include an individual's name, department client number, date of birth, potential benefit eligibility status or coverage, and medical claims information. 

Neither Colorado's HCPF nor Missouri's DSS are named on the dark web leak site of the Clop ransomware gang, which has claimed responsibility for the mass hacks. The Russia-linked group asserts on the site, "We don't have any government data."

Colorado's latest breach comes just days after the Colorado Department of Higher Education revealed a ransomware incident in which hackers accessed and copied 16 years of data from its networks. Last month, Colorado State University disclosed a MOVEit-related data breach that affected tens of thousands of students and academic employees.

Shell Confirms MOVEit-based Hack After the Threat Group Leaks Data


The Cl0p ransomware gang has exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product, acquiring data from at least 130 companies that had been using the software. At least 15 million people are thought to have been affected so far.

Cl0p, the Russia-based cybercrime gang, has now started to name the victim organizations that have refused to negotiate with its demands. The victims' names have been posted on its leak website, with Shell being the first company to be revealed.

Following the leak, Shell confirmed being affected by the MOVEit attack. In a statement published on Wednesday, the company clarified that the MFT software was “used by a small number of Shell employees and customers.”

“Some personal information relating to employees of the BG Group has been accessed without authorization,” it added.

Shell confirmed the incident only after the Cl0p hacking gang disclosed files allegedly taken from the company. The fact that the group made 23 archive files with the label "part1" public may indicate that they have access to more information.

Following this disclosure, the ransomware gang added that it leaked the files because the company refused to negotiate.

However, it is not yet clear exactly what information was compromised, although the firm confirmed that it has informed the affected individuals.

Moreover, toll-free phone numbers have been made available to employees in Malaysia, South Africa, Singapore, the Philippines, the UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and the Netherlands, indicating that the affected individuals are most likely from these countries.

Since no file-encrypting software was used in the attack, Shell noted that "this was not a ransomware event" and that there is no proof that any other IT systems were impacted.

It is worth mentioning that this is not the first time Shell has been targeted by the Cl0p group: in 2020 the threat actors targeted the company's Accellion file transfer service. The company noted that during that incident the hackers stole personal and corporate data.

Some of the other notable companies targeted via the latest MOVEit exploit include Siemens Energy, Schneider Electric, UCLA, and EY.

Some government organizations have also confirmed that they were impacted by the hack, while the ransomware group claims to have deleted all data acquired from such entities.

Cl0p Attacks: Ransomware Group Reveals Names of the MOVEit Zero-Day Attack Victims


The Cl0p ransomware group has revealed the names of more than two dozen organizations apparently attacked in its campaign exploiting a zero-day vulnerability in the MOVEit managed file transfer (MFT) software.

The ransomware group exploited the MOVEit Transfer vulnerability, CVE-2023-34362, to steal data from firms that had been using the product. Although some evidence indicates that the hackers tested the vulnerability as early as 2021, broad exploitation appears to have begun in late May 2023.

The attacks were quickly linked to the Cl0p group, which had earlier exploited a zero-day in the GoAnywhere MFT product to steal data from several firms. The perpetrators of the MOVEit zero-day campaign have acknowledged their involvement and have given victims until June 14 to contact them in order to stop the release of data taken from their systems. They say they have struck hundreds of targets.

The victims of the attacks include energy giant Shell, as well as firms from the financial, healthcare, manufacturing, IT, pharmaceutical, and education sectors. A large proportion of the victims are US-based banks and other financial institutions, followed by healthcare organizations. After the breach was discovered, the hackers declared that they would not target pediatric healthcare facilities.

The first known victims of the attacks included UK-based payroll and HR company Zellis (and its clients British Airways, Aer Lingus, the BBC, and Boots), the Canadian province of Nova Scotia, the University of Rochester, the Illinois Department of Innovation & Technology (DoIT), and the Minnesota Department of Education (MDE).

Following the attacks, the group has not yet leaked any data stolen from these organizations.

The number of businesses that have reported being impacted keeps expanding. In recent days, statements about the incident have been released by Johns Hopkins University and Johns Hopkins Health System, UK media authority Ofcom, and a Missouri state agency.

Moreover, in a report published on Thursday, CNN noted that a number of US federal government organizations were also impacted by the attacks, according to Eric Goldstein, executive director for CISA. These agencies include the Department of Energy, which is now working to contain the impact of the attack.

However, the ransomware gang claims that its prime motive behind these attacks is to extract ransoms from businesses, and states that all government-related data it may have acquired in the attacks has been deleted.

US Department of Energy Receives Dual Ransom Demands Amidst Expanding MOVEit Hack Fallout

 

The spokesperson for the US Department of Energy (DOE) revealed that the Russia-linked extortion group Cl0p sent ransom requests to both the nuclear waste facility and scientific education facility of the DOE, which were recently targeted in a global hacking campaign. This attack, initially reported on Thursday, affected the DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico, which is responsible for disposing of defense-related radioactive nuclear waste.

The breach occurred through a security flaw in the file transfer tool MOVEit Transfer, a widely-used software for sharing sensitive data among organizations worldwide. Progress Software, the company behind MOVEit Transfer, discovered the security flaw last month, resulting in various victims, including US government departments, the UK's telecom regulator, and energy company Shell.

This incident highlights the significant impact of ransomware attacks, even on security-conscious federal agencies. Ransomware gangs often target widely-used tools, and the attack on MOVEit Transfer reveals the challenges faced by federal agencies in defending against such threats. 

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that several federal agencies were affected but noted minimal impact on the federal civilian executive branch. Analysts predict that more victims may emerge in the coming weeks.

The ransom requests to the DOE were sent via individual emails to each facility. The spokesperson did not disclose the demanded amount, but mentioned that the two entities did not engage with Cl0p. Currently, there is no indication that the ransom requests have been withdrawn.

In response to the breach, the DOE has notified Congress and is cooperating with law enforcement and the CISA in their investigations. Cl0p did not respond to requests for comment, but in a post on its website, it said, “WE DON’T HAVE ANY GOVERNMENT DATA” and suggested that should the hackers inadvertently have picked up such data in their mass theft “WE STILL DO THE POLITE THING AND DELETE ALL.”

According to Allan Liska, an analyst from Recorded Future, Cl0p's assertion about deleting government data may be an attempt to safeguard themselves from potential retaliation by Washington and other governments.