Massive MOVEit Hack Affects Nearly 1,000 Organizations and 60 Million Individuals
August 25, 2023
The Russian-speaking Cl0p ransomware group's recent MOVEit campaign has reportedly affected nearly 1,000 organizations and 60 million individuals. The figures include both directly and indirectly impacted entities. For instance, data from several organizations and millions of individuals were compromised via PBI, a company providing research services for the pension and financial sectors. As of August 24, cybersecurity firm Emsisoft reported 988 victims and approximately 59,200,000 individuals.
Organizations potentially exposing the data of more than one million individuals include Maximus, Pôle Emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, Milliman Solutions, and Wilton Reassurance Company. The number of affected organizations is also confirmed by Resecurity, which on August 23 reported 963 public and private sector organizations worldwide affected by the MOVEit hack.
The Cl0p group, which is estimated to earn up to $100 million from this campaign, has begun leaking the data of victims who have refused to pay the ransom. On August 14 and 15, the cybercriminals leaked nearly 1 Tb of information allegedly stolen from 16 victims, according to Resecurity. These victims include UCLA, Siemens Energy, Cognizant, and cybersecurity firms Norton LifeLock and Netscout. The data was leaked via surface web torrents, allowing anyone to easily access the stolen files.
Both Emsisoft and Resecurity reported that over 80% of the affected organizations are located in the United States. The MOVEit campaign exploited CVE-2023-34362, a critical SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) software. This vulnerability can be exploited by an unauthenticated attacker to access files transferred through the product.