More data stolen in 2023 MOVEit attacks comes to light
Eighteen months after a significant cyber incident in which a ransomware gang exploited a zero-day SQL injection vulnerability in Progress Software’s MOVEit Transfer file transfer product, new victims have emerged. One of the latest to come to light is tech giant Amazon, which has confirmed that data on over two million of its employees has been leaked.
The vulnerability, known as CVE-2023-34362, was a critical zero-day SQL injection flaw in the MOVEit Transfer tool. Although it was patched at the end of May 2023, the Cl0p/Clop ransomware operation managed to use it to carry out a large-scale breach affecting organizations globally.
Among the victims in the UK were the BBC, Boots, and British Airways, all compromised through the payroll and human resources IT specialist Zellis.
This week, researchers at Hudson Rock revealed details of a major data leak involving at least 25 organizations orchestrated by an actor using the handle Nam3L3ss. This actor posted the data in CSV format on an underground cyber criminal forum.
The leaked data includes employee records from major companies such as HP, HSBC, Lenovo, Omnicom, Urban Outfitters, British Telecom, and McDonald's. The largest amount of data, totaling over 2.8 million records, came from Amazon.
According to Alon Gal from Hudson Rock, the leaked dataset contains contact information, organizational roles, and departmental assignments within Amazon, putting employees at risk of social engineering and targeted phishing attacks.
In a statement to the media, Amazon’s senior PR manager, Adam Montgomery, confirmed the breach, stating that the only information involved was employee work contact information like work email addresses, desk phone numbers, and building locations. Amazon and AWS systems were reported to remain secure and not to have experienced a security event.
Amazon did not disclose the specific organization through which it was affected.
Link to Cl0p?
Screenshots of posts made by Nam3L3ss, shared with Computer Weekly by researchers at Searchlight Cyber, indicate that the actor claimed not to be a hacker or affiliated with any ransomware group. They stated that they did not engage in buying or selling data but monitored the dark web and other exposed services like AWS Buckets, Azure Blobs, and MongoDB servers.
Nam3L3ss expressed a belief that companies and government agencies should encrypt their data during transfers and password protect their online storage to prevent leaks. They emphasized the importance of holding these entities accountable for protecting citizen data.
The potential link between Nam3L3ss and the Cl0p ransomware gang remains unclear and unconfirmed. Whatever the actor claims, statements made by threat actors should be viewed with skepticism. Nam3L3ss could have ties to the gang or may have acquired the data through other means.
Searchlight threat intelligence analyst Vlad Mironescu stated, “Nam3L3ss claims not to be a hacker and shares data downloaded from various sources. The data, including the Amazon information, appears to be sourced from victims of the previous MOVEit attacks orchestrated by Cl0p. While Nam3L3ss is not directly associated with ransomware groups, they are redistributing the data they discovered.”
Mironescu added, “Although the actor shares the data for free or in exchange for forum credits, the dissemination of this data on BreachForums could enable numerous hackers to misuse it for malicious purposes.”
Dark web
Kevin Robertson, COO at Acumen Cyber, commented on the data flow across the dark web, noting how stolen data resurfaces in the news and reaches other attackers over time.
He mentioned the MOVEit breach from the previous year, which impacted numerous organizations and individuals globally, highlighting how attackers continue to profit from stolen data. While Nam3L3ss may not have been involved in the initial MOVEit attack, they have obtained some of its data, demonstrating how stolen data is traded on the dark web.