Global companies targeted by Clop hacker gang using extortion tactics

A Russian-speaking hacker group known as Clop has announced that it has successfully obtained sensitive data from various institutions, including US-based investment firms, European manufacturers, and US universities. Clop, whose name means bedbugs in Russian, has recently added German industrial group Heidelberg, Kansas-based Putnam Investments, and Leggett & Platt, a Missouri-based manufacturer, to its list of hacked companies. In addition to these new targets, eight other companies have also been added to the list on the dark web, following last week’s revelation that UK groups, such as Walgreens-owned Boots, had experienced data breaches. Zellis, a UK-based payroll provider used by many FTSE 100 companies, was also targeted in the cyber attack discovered on May 31. Ciaran Martin, chair of CyberCX UK, described the incident as significant and emphasized that these companies had unknowingly placed their trust in a compromised service.

Clop is demanding a ransom from the companies on its list, threatening to release sensitive information if substantial sums are not paid. Cyber security experts and negotiators estimate that the ransom could be worth several million dollars. Clop has a history of sophisticated hacking methods that go beyond the typical malware-laden email approach. The recent breach exploited a vulnerability in secure file-transfer software, showing how exposed businesses are to cyber attacks that target flaws in their software supply chain.

Heidelberg, however, confirmed that although its system was attacked, it quickly and effectively counteracted the attack and avoided any data breach. Putnam and Leggett did not respond to requests for comment. Investigators have noted that Clop stands out as a ransomware operator due to its technical expertise and strategic patience. Despite lacking detailed information about Clop, experts have observed that the group utilizes Russian code and metadata, refrains from attacking Russian-speaking countries, and aligns its work schedule with Russian Orthodox holidays.

Clop hackers gained unauthorized access to personal data by breaching MOVEit, a file-transfer software developed by Progress Software engineers. The group then spent months investigating the cyber defenses of the target companies that use Progress’s software before launching simultaneous attacks. Evidence suggests that Clop had conducted tests months prior to the attacks. Progress Software promptly informed its customers about the vulnerability on May 31 and released an emergency fix. It declined to provide further details, citing ongoing cooperation with US authorities.

This campaign marks Clop’s third known attempt to obtain secured data from organizations. Previous campaigns have yielded millions of dollars, and the group continues to maintain a dark web leak site where it releases the names and data of those who refuse to comply with its ransom demands. Clop’s modus operandi, known as “hack-and-leak,” involves deleting the data of victims who pay the ransom, with the payment amount varying depending on the company. While intellectual property holds substantial value, personal data is considered less valuable in these transactions.

Don Smith, vice-president of Secureworks Counter Threat Unit, a cyber security firm, commented on the intricate nature of the ransom process, highlighting the risk that Clop faces by publicly releasing a victim’s data. By doing so, they eliminate any possibility of receiving further payment from that victim.
