Clop Ransomware Exploits MOVEit Vulnerability for Years.
The Clop ransomware gang has been testing a zero-day vulnerability in the MOVEit Transfer managed file transfer solution since 2021, according to Kroll security experts. The threat actors were also testing ways to collect and extract sensitive data from compromised MOVEit Transfer servers as far back as April 2022, likely with the help of automated tools. The automated malicious activity picked up on a much larger scale starting on May 15, 2023, right before the zero-day bug mass exploitation began on May 27. Clop has threatened all affected organizations to reach out and negotiate a ransom if they don't want their data leaked online in six days, on June 14.
- Clop ransomware likely testing MOVEit zero-day since 2021 BleepingComputer
- Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 The Hacker News
- MOVEit Transfer Vulnerability (CVE-2023-34362) Kroll
- Cl0p announces rules for extortion negotiation after MOVEit hack Help Net Security
- Clop may have been sitting on MOVEit vulnerability for two years ComputerWeekly.com
Reading Insights
0
0
2 min
vs 3 min read
81%
576 → 110 words
Want the full story? Read the original article
Read on BleepingComputer