Gen Digital Inc., formerly known as Symantec Corporation and NortonLifeLock, is a multinational software company that offers cybersecurity software and services. The company owns various brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Gen Digital recently disclosed that it fell victim to a ransomware attack, with threat actors exploiting the recently revealed MOVEit Transfer vulnerability CVE-2023-34362.
MOVEit Transfer is a managed file transfer system used by enterprises to securely transfer files through SFTP, SCP, and HTTP-based uploads. The vulnerability in question is a SQL injection vulnerability that can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. The Clop ransomware group has recently claimed to have hacked hundreds of companies worldwide by exploiting the MOVEit Transfer vulnerability.
Microsoft credited the Clop ransomware gang (also known as Lace Tempest) for the campaign targeting a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform. The ransomware group published an extortion note on its dark web leak site, claiming to have information on hundreds of businesses. Gen Digital confirmed that the threat actors had access to the personal information of employees, including names, addresses, birth dates, and business email addresses.
The company stated, "We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed."
Gen Digital added, "Unfortunately, some personal information of Gen employees and contingent workers was impacted which included information like name, company email address, employee ID number, and in some limited cases home address and date of birth. We immediately investigated the scope of the issue and have notified the relevant data protection regulators and our employees whose data may have been impacted." The company has informed data protection regulators and the affected third parties.
The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, and the University of Rochester.