8 Tech And IT Companies Targeted In The MOVEit Attacks – CRN

Widespread Attacks

Nearly a month after the discovery of a critical vulnerability in Progress’ widely used MOVEit file transfer software, the impacts from a wave of related cyberattacks and data breaches continue to worsen. Clop, a Russian-speaking cybercriminal group, has claimed responsibility for breaching dozens of organizations by exploiting the vulnerability, and many have confirmed that they were affected.

[Related: Schneider Electric Probing MOVEit Claim By Cybercrime Group]

In all, more than 100 organizations have been listed on Clop’s darkweb site or have separately disclosed a security incident related to the MOVEit vulnerability, according to a tally by Emsisoft threat analyst Brett Callow. At least 15 million individuals have been impacted by the data breaches, Callow said—although the actual number is likely much higher, since the vast majority of affected organizations haven’t shared the number of individuals impacted.

In its widespread MOVEit campaign, Clop has struck a range of organizations including government agencies, insurers, banks and universities. The gang has also gone after a number of tech and IT services companies: At least eight well-known tech vendors and IT services firms so far have confirmed being impacted or have been claimed as victims by Clop. The group has been demanding extortion payments from alleged victims in exchange for not posting stolen data on its darkweb site.

In some cases, after their names appeared on the group’s site, the tech and IT companies have confirmed that they were impacted or are investigating Clop’s claims. For instance, PricewaterhouseCoopers (PwC) and Ernst & Young, which both provide IT consulting among their services, have each confirmed that they’ve been ensnared in the MOVEit attacks. Other companies in the tech and IT space, such as Schneider Electric, have said they did use MOVEit and are investigating if they were impacted.

In addition, some companies have been named as alleged victims on Clop’s site but have yet to comment publicly, such as Microsoft-owned Nuance, Sony and solution provider giant Cognizant.

An organization whose name appears on Clop’s darkweb site is most likely facing a real data extortion attempt by the cybercriminal group, according to Chris Pierson, a former longtime member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. “By and large, if your name is up there, it means some type of shakedown is occurring,” Pierson, who is now the founder and CEO of cybersecurity firm BlackCloak, told CRN. “There is some type of [extortion] threat to you or your organization.”

While a series of vulnerabilities have been discovered over the past month in Progress’ MOVEit tool, the original flaw (tracked at CVE-2023-34362) has been pinpointed as the source of Clop’s attacks. The vulnerability, which was reported by Progress on May 31, can enable escalation of administrative privileges and unauthorized access, Progress has said. There’s currently no evidence that the other recently identified MOVEit vulnerabilities (CVE-2023-35708 and CVE-2023-35036) have been exploited, Progress said Wednesday in a statement to CRN.

What follows are the key details on eight tech and IT companies targeted in the MOVEit attacks.