Gen Digital, the company behind prominent cybersecurity brands like Avast, Avira, AVG, Norton, and LifeLock, has confirmed a ransomware attack that compromised employee personal information. The attack exploited a zero-day vulnerability (CVE-2023-34362) in the MOVEit Transfer managed file transfer (MFT) software, disclosed by Progress Software on May 31. Mass exploitation of the critical-severity SQL injection vulnerability began in late May, with evidence suggesting that attackers had known about or tested it since 2021.
The Cl0p ransomware gang, responsible for an exploitation campaign targeting this zero-day, has impacted over 100 organizations. Gen Digital disclosed that employee data, including names, addresses, birth dates, and business email addresses, was compromised, but that core IT systems and services, as well as customer and partner data, remained unaffected.
In response to the attack, Gen Digital took immediate action to remediate known vulnerabilities in MOVEit and notified relevant data protection regulators and affected employees. The company clarified that no customer or partner data was exposed, but personal information of employees and contingent workers was impacted. Following the MOVEit zero-day disclosure, two more critical-severity SQL injection bugs (CVE-2023-35036 and CVE-2023-35708) were identified in MOVEit software.
Although these two bugs have not been exploited yet, Progress Software urges customers to apply patches promptly to prevent unauthorized access. Known victims of the MOVEit zero-day attacks include the U.S. Department of Energy, Louisiana’s Office of Motor Vehicles, British Airways, the British Broadcasting Company, and other prominent organizations.