Even more vulnerabilities have been found in the file transfer service MOVEit. The news comes while victims of the zero-day attacks are still coming forward.
The vulnerabilities allow threat actors to steal data from companies or organizations that use the software via SQL injection — a particularly nasty threat that allows someone to make changes to your database, potentially destroying your entire system.
The attack was carried out by the Cl0p ransomware group, which has reportedly been testing the software's vulnerabilities since 2021. The group left notes for each company that had data stolen, informing them that they had until June 14 to contact the group about their data, or else all of it would be leaked.
“We erased all your data. You do not need to contact us. We have no interest to expose such information,” the group said.
More and more victims of the zero-day hack have come forward since the attack was reported in early June. As of now, over 100 companies have been targeted in this massive attack, including the government of Nova Scotia, UK-based payroll company Zellis, British Airways, Boots, the Illinois Department of Innovation and Technology (DoIT), the Minnesota Education Department (including dozens of students), and many more.
The stolen data includes first and last names, addresses, family member names, dates of birth, sensitive financial information, private company information, and even the last four digits of various victims’ Social Security numbers.
“To date there have been no ransom demands nor is MDE aware that the data has been shared or posted online. Additionally, no virus or other malware was uploaded to MDE’s hardware systems,” said the Minnesota Education Department.
“DoIT’s investigation is ongoing and the full extent of this incident is still being determined, but DoIT believes a large number of individuals could be impacted,” DoIT said.
Investigations into the MOVEit attacks continue.