The Cl0p crime group’s zero-day attacks on users of the MOVEit file transfer software have left a trail of victims, with German cybersecurity firm KonBriefing reporting that 455 organizations have been affected.
Among the recently reported victims are healthcare risk adjustment firm Cognisight, Pacific Premier Bank, Northwestern Mutual, life insurance companies, U.S. colleges, aerospace firm Honeywell, and others. The attacks have resulted in the exposure of sensitive data from millions of individuals, with organizations sending letters to notify affected parties.
Security firm Emsisoft estimates that at least 23 million individuals’ personal details have been stolen and held to ransom by the attackers. The Cl0p group’s use of zero-day flaws in widely used software has made this a highly profitable endeavor.
The Cl0p group’s mass attack began around May 29, taking advantage of the U.S. Memorial Day holiday weekend, and exploited a zero-day vulnerability in Progress Software’s MOVEit.
Progress issued a security alert and patch on May 31 to block further attacks, but the extent of Cl0p’s continued activity remains uncertain. The group’s focus on zero-day attacks has proven highly effective and profitable, with ransomware response firm Coveware suggesting the group could earn $75 million to $100 million from the MOVEit campaign. The impact is magnified by service providers like PBI Research Services, whose compromised MOVEit servers have affected organizations such as the Teachers Insurance and Annuity Association of America and National Student Clearinghouse, potentially exposing data on millions of individuals.
The aftermath of the attacks continues to unfold, raising concerns about the growing threats posed by financially motivated threat actors targeting critical software systems.