In a seemingly relentless spree of cyber-attacks, the infamous Cl0P ransomware gang is back, and this time it has trained its sights on TD Ameritrade, the major U.S. brokerage firm. The firm appears to be the latest victim in Cl0P's ongoing run of data breaches: the gang has listed TD Ameritrade on its notorious data leak site.
TD Ameritrade Hit
As we wait for more information, it is evident that TD Ameritrade is potentially facing an immense cybersecurity crisis. If past events are any indicator, the stolen data may soon surface on the Cl0P^_-LEAKS site should TD Ameritrade refuse the ransom demands. The Cl0P gang claims to have stolen 260 GB of data.
On its data leak site, the Cl0P gang states that both EY.com and Ameritrade must pay the ransom before Monday, 10 July 2023.
Cl0P’s Weapon of Choice: The MOVEit Vulnerability
From the available evidence, the Cl0P gang continues to exploit the MOVEit vulnerability with ruthless efficiency. Through this single flaw it has compromised numerous victims, causing extensive damage and extracting vast amounts of valuable data.
The attack exploits a known SQL injection vulnerability in MOVEit Transfer, tracked as CVE-2023-34362. Using this flaw, the gang uploads a web shell known as LEMURLOOT to internet-facing MOVEit Transfer web applications, giving it a foothold on the server from which to pull data.
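The practical question for a defender is whether such a web shell has landed on their own server. The Python script below is an added illustration, not code from this article or from any vendor advisory. It applies two checks to constructed sample data: it compares the .aspx pages present in the web root against a known-good baseline, and it counts POST requests to any unexpected page in IIS W3C-format log lines. The baseline, the web-root listing, the client addresses and the log lines are all constructed; the shell file name human2.aspx and the request paths in the sample are assumptions for the example, not indicators taken from this article.

```python
"""Spot an unexpected .aspx page in a web root and the requests that reach it.

Added example: all input below is constructed sample data, not real telemetry.
"""
from collections import Counter

# Constructed baseline: the .aspx pages an operator knows belong in the web root.
# (Hypothetical list, not a real MOVEit Transfer file manifest.)
BASELINE_ASPX = {"default.aspx", "guestaccess.aspx", "human.aspx", "login.aspx"}

# Constructed listing of the live web root; in practice this would come from
# os.listdir() on the IIS site directory or from a file-integrity tool.
# 'human2.aspx' is an assumed web shell name for the example.
LIVE_ASPX = BASELINE_ASPX | {"human2.aspx"}

# Constructed IIS W3C extended log excerpt (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-06-01 02:10:05 10.0.0.5 GET /human.aspx - 443 alice 203.0.113.7 Mozilla/5.0 200
2023-06-01 02:11:17 10.0.0.5 POST /moveitisapi/moveitisapi.dll action=m2 443 - 198.51.100.23 python-requests/2.31 200
2023-06-01 02:11:18 10.0.0.5 POST /guestaccess.aspx - 443 - 198.51.100.23 python-requests/2.31 200
2023-06-01 02:11:20 10.0.0.5 POST /human2.aspx - 443 - 198.51.100.23 python-requests/2.31 200
2023-06-01 02:11:21 10.0.0.5 POST /human2.aspx - 443 - 198.51.100.23 python-requests/2.31 200
"""


def unexpected_pages(live, baseline):
    """Return .aspx file names found on disk that are absent from the baseline."""
    live_aspx = {name.lower() for name in live if name.lower().endswith(".aspx")}
    return live_aspx - {name.lower() for name in baseline}


def parse_iis_log(text):
    """Parse W3C extended log text into dicts keyed by the names in the #Fields line."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the directive
            continue
        if not line or line.startswith("#"):
            continue                       # other directives and blank lines
        if fields is None:
            raise ValueError("log data appeared before a #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue                       # skip a malformed line rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def webshell_hits(records, suspects):
    """Count POST requests whose URI file name is a suspect page, keyed by (client IP, URI)."""
    names = {s.lower() for s in suspects}
    hits = Counter()
    for rec in records:
        page = rec["cs-uri-stem"].rsplit("/", 1)[-1].lower()
        if rec["cs-method"].upper() == "POST" and page in names:
            hits[(rec["c-ip"], rec["cs-uri-stem"])] += 1
    return hits


def main():
    suspects = unexpected_pages(LIVE_ASPX, BASELINE_ASPX)
    print("unexpected .aspx pages:", sorted(suspects))
    for (ip, uri), count in webshell_hits(parse_iis_log(SAMPLE_LOG), suspects).items():
        print(f"{ip} POSTed to {uri} {count} time(s)")


if __name__ == "__main__":
    main()
```

The file-inventory check is the one that matters: a web shell is, by definition, a page that should not be there, so a baseline diff catches it regardless of its name. The log check then shows who used it and how often, which is the starting point for scoping what was read or exfiltrated. Against a real server, replace the constructed sets and log text with the site directory listing and the IIS log files, and treat any GET as well as POST to an unexpected page as suspicious.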