Extreme Networks recently disclosed that its instance of the Progress Software MOVEit Transfer tool was impacted by a cyber attack orchestrated by the Clop (aka Cl0p) cyber extortion operation. The attack exploited the CVE-2023-34262 SQL injection vulnerability in MOVEit Transfer. Extreme Networks CISO Philip Swain said that immediate action was taken to contain impacted areas and that the investigation is ongoing. While there’s no evidence of compromise among the company’s 50,000 worldwide customers, the incident raises concerns, especially in sectors like sports and entertainment, where Extreme Networks has a strong presence.
The disclosure follows the Clop group’s exploitation of the CVE-2023-34262 vulnerability in MOVEit Transfer, affecting over 2,000 known instances exposed to the internet. The cybercriminals have targeted various file transfer products, and organizations like Zellis, a payroll software supplier, have fallen victim to their attacks. Zellis customers, including BBC, Boots, and British Airways, had employee data exfiltrated, with Clop demanding ransom negotiations by June 14. The addition of Extreme Networks to the list raises concerns for its customers, given the widespread exploitation of the vulnerability.
Extreme Networks has reaffirmed its commitment to security protocols and containment measures. The Clop group has indicated on its leak site that organizations using MOVEit Transfer are likely to have their data compromised. The impact on Extreme Networks’ customers, particularly in the sports and entertainment sector, is a significant concern. While the investigation continues, the company will communicate directly with affected customers if it determines that customer information has been impacted.
The situation highlights the evolving threat landscape and the importance of prompt cybersecurity measures. The CVE-2023-34262 exploit chain has become a tool for cybercriminals, emphasizing the need for organizations to stay vigilant and ensure the security of their software and systems.