"Microsoft Says Clop Ransomware Gang Is Behind MOVEit Mass Hacks, as First Victims Come Forward"
Security researchers have linked new mass hacks, targeting a popular file transfer tool, to the Clop ransomware gang. Hackers are exploiting a newly discovered flaw in MOVEit Transfer, a file transfer tool businesses use to share large files over the Internet. The vulnerability enables hackers to gain unauthorized access to the database of a vulnerable MOVEit server. The developer of the MOVEit software, Progress Software, has already released patches. However, attack victims have begun to come forward. Zellis, a UK-based human resources software developer and payroll service provider, confirmed that its MOVEit system had been compromised, affecting a "small number" of its corporate customers. British Airways, one of these customers, disclosed that the breach compromised the payroll information of its UK-based employees. Initially, it was unclear who was behind this new wave of cyberattacks, but Microsoft security researchers have attributed them to a group dubbed "Lace Tempest." This gang is a known affiliate of the Russia-backed Clop ransomware group, which was previously linked to widespread attacks involving the exploitation of vulnerabilities in Fortra's GoAnywhere file transfer tool and Accellion's file transfer tool. This article continues to discuss the first confirmed victims of the MOVEit mass hacks and the Clop ransomware gang's connection to the hacks.