Tech News
More data stolen in 2023 MOVEit attacks comes to light
After a significant cyber incident that occurred eighteen months ago, where a ransomware gang exploited a zero-day SQL injection vulnerability in Progress Software’s MOVEit Transfer file transfer product, new victims have emerged. One of the latest victims to come to light is tech giant Amazon, which has confirmed that data on over two million of its employees has been leaked.
The vulnerability, known as CVE-2023-34362, was a critical zero-day SQL injection flaw in the MOVEit Transfer tool. Although it was patched at the end of May 2023, the Cl0p/Clop ransomware operation managed to use it to carry out a large-scale breach affecting organizations globally.
Among the victims in the UK were the BBC, Boots, and British Airways, all compromised through the payroll and human resources IT specialist Zellis.
This week, researchers at Hudson Rock revealed details of a major data leak involving at least 25 organizations orchestrated by an actor using the handle Nam3L3ss. This actor posted the data in CSV format on an underground cyber criminal forum.
The leaked data includes employee records from major companies such as HP, HSBC, Lenovo, Omnicom, Urban Outfitters, British Telecom, and McDonalds. The largest amount of data, totaling over 2.8 million records, came from Amazon.
According to Alon Gal from Hudson Rock, the leaked dataset contains contact information, organizational roles, and departmental assignments within Amazon, putting employees at risk of social engineering and targeted phishing attacks.
In a statement to the media, Amazon’s senior PR manager, Adam Montgomery, confirmed the breach, stating that the only information involved was employee work contact information like work email addresses, desk phone numbers, and building locations. Amazon and AWS systems were reported to remain secure without experiencing a security event.
Amazon did not disclose the specific organization through which it was affected.
Link to Cl0p?
Screenshots of posts made by Nam3Less, shared with Computer Weekly by researchers at Searchlight Cyber, indicate that the actor claimed not to be a hacker or affiliated with any ransomware group. They stated that they did not engage in buying or selling data but monitored the dark web and other exposed services like AWS Buckets, Azure Blobs, and MongoDB servers.
Nam3L3ss expressed a belief that companies and government agencies should encrypt their data during transfers and password protect their online storage to prevent leaks. They emphasized the importance of holding these entities accountable for protecting citizen data.
The potential link between Nam3L3ss and the Cl0p ransomware gang remains unclear and unconfirmed. Despite their claims, statements made by threat actors should be viewed with skepticism. Nam3L3ss could have ties to the gang or may have acquired the data through other means.
Searchlight threat intelligence analyst Vlad Mironescu stated, “Nam3L3ss claims not to be a hacker and shares data downloaded from various sources. The data, including the Amazon information, appears to be sourced from victims of the previous MOVEit attacks orchestrated by Cl0p. While Nam3L3ss is not directly associated with ransomware groups, they are redistributing the data they discovered.”
Mironescu added, “Although the actor shares the data for free or in exchange for forum credits, the dissemination of this data on BreachForums could enable numerous hackers to misuse it for malicious purposes.”
Dark web
Kevin Robertson, COO at Acumen Cyber, commented on the data flow across the dark web, noting how stolen data resurfaces in the news and reaches other attackers over time.
He mentioned the MOVEit breach from the previous year, which impacted numerous organizations and individuals globally, highlighting how attackers continue to profit from stolen data. While Nam3L3ss may not have been involved in the initial MOVEit attack, they have obtained some of its data, demonstrating how stolen data is traded on the dark web.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend