Introduction: A Major Setback for Sony
Could your personal data be at risk even if you work for a tech giant? Sony has confirmed a cyberattack that potentially compromised the data of around 6,800 current and former employees, all based in the United States.
- Vulnerability: CVE-2023-34362 in MOVEit Transfer
- Impact: Data of approximately 6,800 U.S.-based employees potentially compromised
- Responsible Group: Ransomware group CLoP
- Status: Vulnerability has been fixed; no misuse of data reported
The Vulnerability: MOVEit Zero-Day Exploit
The breach occurred due to a zero-day vulnerability in the MOVEit Transfer file transfer program by Progress Software, according to a letter [1] Sony sent to the affected individuals. The flaw, identified as CVE-2023-34362, allowed for SQL injection, making remote code execution possible. Interestingly, several Dutch companies also appeared to be vulnerable to this exploit.
Who’s Behind the Attack?
The ransomware group CLoP has claimed responsibility for the attack on Sony, which took place on May 28th. Sony became aware of the zero-day vulnerability just a few days later and subsequently fixed it. According to the company, no misuse of the stolen data has been reported so far.
Just a week ago, Sony was in the headlines for another alleged ransomware attack. A relatively unknown hacker group called RansomedVC claimed to have hacked ‘all of Sony.’ The claim was initially met with doubt, and another hacker group later claimed responsibility for the same attack, making the situation more complex.
What Was Stolen?
The stolen data reportedly includes certificates, credentials for various services, and cyber attack incident policies, according to the second hacker group. However, Sony has not confirmed these details, and there is no evidence to suggest that this was due to the same MOVEit vulnerability.
[1] https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/