Clop denies stealing BBC and BA data in the MOVEit hack

Clop's leak location

The BBC has been informed by the hackers who attacked dozens of businesses at once that they do not have access to the data of the large UK organizations believed to be the victims.

Sensitive payroll information was stolen, according to staff members at the BBC, British Airways, Boots, and Aer Lingus.

The Clop hackers, however, assert that "we don't have that data" in an email.

In an effort to coerce victims into paying a ransom, Clop has been posting victim profiles online since June 14.

However, so far, none of the names of the biggest and most well-known victims in the UK have been posted.

They gradually added the names, websites, and business addresses of close to 40 victims to their darknet website.

Banks, universities, travel agencies, and software companies from more than a dozen nations, including the UK, US, Germany, Switzerland, Canada, and Belgium, are among the organizations.

Several of the businesses listed by Clop on their alleged "leak site" have independently acknowledged having had their data stolen.

Without payment of the ransom, which is probably hundreds of thousands of dollars or more in Bitcoin, Clop threatens to publish the stolen data on its website.

Four of the eight companies, including the BBC, BA, Aer Lingus, and Boots, claim that data from the hack was stolen from them because they were all clients of the company that was compromised.

However, the cybercriminals repeatedly denied stealing the Zellis data in a correspondence with the BBC via email.

"We told Zellis we didn't have that information. We simply lack it. We are an experienced group, and we have never misled anyone, so if we say we don't have information, we truly don't," the hackers declared.

As a result of the ongoing police investigation, Zellis stated that it would not comment on the circumstance, but referred to its previous statement.

"We can confirm that a small number of our customers have been impacted by this global problem, and we are actively working to support them," the statement says.

The company says that as soon as it became aware of the incident it took immediate action, disconnecting the computer server that had MOVEit software installed on it.

The firm says it is working with an expert external security incident response team to assist with forensic analysis and has notified the relevant UK data authorities.

Cyber security experts are puzzled by Clop's comments, which make the situation murkier.

Threat researcher Brett Callow from Emsisoft says Clop, which are thought to be based in Russia, could be lying to cover up the fact they stole the data as part of a sale deal with another hacking group.

But Clop claimed: "We didn't sell anything to other hackers".

Other experts say there are other possibilities.

"Clop has no real reason to say they don't have the data," says SOS Intelligence chief executive Amir Hadžipasić.

"If they are telling the truth then it makes me think that some other hackers may have got in and stolen the data before Clop and if Clop don't have the data then this situation is less predictable.

"The files are going to end up somewhere on the darkweb via another hacking group," he added.

The hack was first announced on 31 May by Progress Software - the makers of MOVEit, which is a popular file transfer tool.

The criminals found a way to break into MOVEit and were then able to use that access to get into the databases of potentially hundreds of other companies.

Since the initial MOVEit disclosure though, researchers have found multiple security issues with the software which means it is possible that the data was stolen in a different way from a different group.

On Friday, the US announced a $10m reward for "information linking the Clop gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government".
