UK Regulator Ofcom Hit by Clop Ransomware via MOVEit File Transfer Zero-Day
June 13, 2023
Ofcom, the UK's communications regulator, has disclosed a data breach after being targeted by a Clop ransomware attack. The threat actors exploited a zero-day vulnerability (CVE-2023-34362) in the MOVEit Transfer file transfer software to access the regulator's infrastructure. A spokesperson for Ofcom informed The Record that the ransomware group gained access to confidential information held by the regulator on companies it oversees. The spokesperson stated, “A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack.” The regulator took immediate action to prevent further use of the MOVEit service and implemented recommended security measures. Affected Ofcom-regulated companies were promptly alerted, and support and assistance continue to be provided to colleagues.
MOVEit Transfer is a managed file transfer solution used by enterprises to securely transfer files via SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection flaw that allows an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. The flaw affects all MOVEit Transfer versions but does not impact the cloud version of the product. Microsoft attributed the recent campaign exploiting the zero-day vulnerability CVE-2023-34362 to the Clop ransomware gang (also known as Lace Tempest). On May 31, Rapid7 experts discovered approximately 2,500 instances of MOVEit Transfer publicly accessible on the internet, with a significant portion located in the United States. Currently, the number of installs in the UK is 127.
Another data breach that recently made headlines involves the payroll services provider Zellis. Zellis used its managed instance of MOVEit Transfer to exchange files with multiple firms, implying that the number of affected companies could be substantial. As a result of the cyber attack on Zellis, employee data at the BBC and British Airways has been compromised and exposed. One of Zellis's clients, the British health and beauty retailer and pharmacy chain Boots, also confirmed being impacted by the attack. Another firm affected by the data breach is the airline Aer Lingus, which confirmed that “some of our current and former employee data” has been disclosed.