The Cl0p ransomware group has exploited a vulnerability in the MOVEit file transfer solution, impacting more than 2,000 organizations and over 60 million individuals, according to data released by cybersecurity firm Emsisoft. These figures align closely with those shared by IT market research company KonBriefingResearch. Most of the affected organizations are based in the United States, with the finance, professional services, and education sectors being the most heavily hit.
A significant data breach this week involved the National Student Clearinghouse, a U.S. non-profit organization, and exposed information from nearly 900 American educational institutions.
In late May 2023, the Cl0p group took advantage of a well-known SQL injection vulnerability (CVE-2023-34362) in the MOVEit file transfer solution, stealing sensitive data from a wide range of organizations. The victims include well-known corporations, governments (including several U.S. federal agencies and the U.S. Department of Energy), financial institutions, pension systems, and other public and private entities.
Over the past few months, the number of victims of the MOVEit vulnerability has been growing rapidly. The Cl0p group has abandoned the use of ransomware, choosing instead to simply extract sensitive data and threaten companies with its exposure unless a ransom is paid. Notably, this is the third time in three years that the Cl0p ransomware group has exploited zero-day vulnerabilities in web applications for extortion. Their targets have always been the 'security products' of well-known software companies.
Cl0p's significant success is likely to encourage imitation by other hacker groups, exacerbating the serious threat landscape facing application security and the software supply chain.