You might have heard about the notorious Cl0P ransomware gang making headlines recently. Well, they’re back at it, and this time they’ve set their sights on a few big names in the industry.
A Little Background
Let’s rewind a bit for those who might not be familiar with Cl0P. This ransomware first popped up in February 2019 as an offshoot of the CryptoMix ransomware variant. Its creators, also known as TA505, have been conducting large-scale spear-phishing campaigns, cleverly using verified and digitally signed binaries to sidestep system defenses [1].
Cl0P was initially known for its ‘double extortion’ strategy – it would not only encrypt victim data but also steal it. If the victims didn’t cough up the ransom, the data would be published on the Cl0P^_-LEAKS website on Tor. But recently, it seems Cl0P prefers to focus more on data exfiltration than encryption.
The Recent Spree
Fast forward to May 27, 2023, and Cl0P started exploiting a hitherto unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer. They used a web shell named LEMURLOOT to infect internet-facing MOVEit Transfer web applications and snatch data from the underlying databases.
This isn’t their first rodeo with managed file transfer (MFT) platforms. Back in January 2023, they used a zero-day vulnerability (CVE-2023-0669) to target the GoAnywhere MFT platform. They claimed to have made off with data from around 130 victims in just 10 days. And now, they’re back to their old tricks with MOVEit Transfer.
The Latest Cl0P Victims
Now, let’s talk about who’s on the receiving end of these attacks. The victims include some pretty significant players in various sectors:
- Werum IT Solutions (http://werum.com)
- Schneider Electric (http://se.com)
- Siemens Energy (http://siemens-energy.com)
- UCLA (http://ucla.edu)
- AbbVie (http://abbvie.com)
These companies were listed on the Cl0P ransomware group’s blog as the latest victims of the MOVEit vulnerability.
The Potential Impact of Data Leaks on the Targeted Companies
Now, let’s delve a little deeper into who these companies are and why a data leak could spell disaster for them.
Werum IT Solutions
Werum IT Solutions is a leading supplier of Manufacturing Execution Systems (MES) for the pharmaceutical and biopharmaceutical industries. They’re the brains behind some of the most critical software systems that ensure drugs are manufactured according to the necessary specifications. Imagine if their proprietary information or sensitive customer data were to fall into the wrong hands. It could not only damage their reputation but also potentially allow counterfeit drugs to flood the market.
Schneider Electric
Schneider Electric is a multinational corporation specializing in electrical equipment and energy management. They are responsible for vital infrastructure in many countries. Data leaks here could expose vulnerabilities in this infrastructure, potentially leading to power outages, industrial accidents, or worse. Not to mention the potential for industrial espionage.
Siemens Energy
Siemens Energy is another giant in the field of energy production and related services. A data breach here could reveal sensitive information about energy grids and power plants. The data could be exploited by malicious actors to disrupt power supply, causing chaos and economic damage. It could also provide valuable intellectual property to competitors.
UCLA
The University of California, Los Angeles (UCLA) is one of the most prestigious universities in the United States. A data leak here could expose personal information of students and staff, research data, financial information, and other confidential data. The implications range from identity theft to the potential compromise of groundbreaking research.
AbbVie
Last but not least, AbbVie is a pharmaceutical company known for its research and development in areas such as immunology, oncology, and neuroscience. Leaked data could reveal sensitive details about ongoing research, potentially allowing competitors to get ahead or even enabling the creation of counterfeit medications. Personal data about patients involved in trials could also be exposed, leading to privacy breaches.
In short, for all these companies, a data leak could lead to a loss of trust, reputational damage, regulatory fines, and a potential competitive disadvantage. It’s not just about the companies themselves – the ripple effects could affect us all in various ways.