American Airlines Hacked by Cl0P Gang, MOVEit Involved

Cl0p extortion gang got another large company as a victim

American Airlines, a major airline company in the US, appears to be yet another victim of the MOVEit vulnerability. Specifically, hackers from the Cl0p ransomware gang claim a successful attack on the company. The post on their Darknet leak site does not disclose much, but the company is most likely already in negotiations with the hackers. What is…

The Number of Companies Affected by Attacks on Vulnerabilities in MOVEit Transfer Increased

The consequences of exploiting a 0-day vulnerability in the MOVEit Transfer file transfer management solution continue to spread. The total number of affected companies has already exceeded 100, and Siemens Energy and Schneider Electric are now among the victims who have confirmed the compromise. Let me remind you that it all started with a 0-day vulnerability (CVE-2023-34362)…

Clop Attacks on MOVEit Transfer Affected British Airways, BBC and More

According to security researchers, the Clop ransomware group has been looking for a way to exploit a vulnerability in MOVEit Transfer since 2021. Hackers say hundreds of companies have been compromised in recent attacks, with Irish airline Aer Lingus, British Airways, the BBC and British pharmacy chain Boots having already confirmed the hack. What is MOVEit…

Microsoft Researchers Link Clop Gang to MOVEit Transfer Attack

Microsoft has linked the Clop ransomware gang to a recent attack that uses a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. The company’s Threat Intel team names the Lace Tempest cybercrime gang as a key suspect in these attacks. Who are Lace Tempest hackers? Microsoft is attributing attacks that exploit the…

FIN7 Hack Group Resumed Activity, Linked to Clop Ransomware

Microsoft analysts report that last month the notorious hacker group FIN7 (also known as Carbanak, Navigator and others) resumed its activity. The researchers were able to link FIN7 to attacks whose ultimate goal was to deploy the Clop ransomware on victims’ networks. FIN7 Cybercrime Group Goes On Let me remind you that we also wrote…

Clop and LockBit Ransomware Exploit Fresh Vulnerabilities in PaperCut

Microsoft has linked recent attacks on PaperCut servers to ransomware operations by Clop and LockBit, which used vulnerabilities to steal corporate data. In March 2023, print management solutions provider PaperCut fixed vulnerabilities CVE-2023-27350 (9.8 out of 10 on the CVSS scale, equalling the recently-discovered MSMQ vulnerability) and CVE-2023-27351 (8.2 out of 10). on the CVSS…

Clop Operators Claim to Hack 130 Organizations Using GoAnywhere MFT Bug

Clop ransomware operators claim to be behind recent attacks exploiting a 0-day vulnerability in the GoAnywhere MFT secure file transfer tool. The hackers claim that thanks to this bug they stole the data of 130 organizations. We also reported that Exploits for Vulnerabilities in Three Popular WordPress Plugins Appeared on the Network. As a reminder, GoAnywhere…

Raspberry Robin Worm Operators Now Trade Access

Microsoft researchers reported that the operators of the hack group, which they track under the ID DEV-0950, used the Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm. Let me remind you that the first Raspberry Robin malware was found by analysts from Red Canary. In the spring…

LockBit Weaponizes Its Victims’ Clients – Brett Callow

Brett Callow, a cybersecurity analyst at Emsisoft, shared information on Twitter about the broadened tactics the LockBit ransomware group applies to its victims. Imagine a firm gets attacked by ransomware. It is not a novelty that, besides encrypting the data belonging to the company (to demand ransom for giving the data back), the crooks…

Clop ransomware exploits vulnerability in SolarWinds Serv-U

The NCC Group warns of a spike in Clop ransomware attacks (the hack group is also known as TA505 and FIN11) that exploit a vulnerability in SolarWinds Serv-U. Most of them start off by exploiting the CVE-2021-35211 bug in Serv-U Managed File Transfer and Serv-U Secure FTP. This issue allows a remote attacker to execute commands with…