(Bloomberg) — British Airways and the government of Nova Scotia are among the earliest known victims of an ongoing hacking campaign that cybersecurity experts warned could ensnare thousands of victims in the coming weeks.
British Airways on Monday told its staff of roughly 35,000 people that their personal information may have been included in a breach at the company’s payroll provider. In that incident, attackers exploited the same software vulnerability that resulted in compromises affecting government systems in Nova Scotia, where officials are investigating a theft of personal data.
The hackers exploited a vulnerability in the secure file transfer product, MOVEit, developed by Progress Software Corp., the company said in an advisory. MOVEit is used by thousands of companies, including payroll providers, health-care firms, and information technology providers. The vulnerability allowed hackers to steal files that companies had uploaded to MOVEit, according to Progress.
Progress released a patch for its systems last week.
“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” MOVEit spokesperson John Eddy said in a statement.
Potentially thousands of companies could be vulnerable to hackers, according to Allan Liska, senior intelligence analyst at Recorded Future Inc. Publicly available data sources show there are thousands of vulnerable MOVEit servers that could have been affected by the software flaw that made such hacks possible, Liska said. The criminal hackers are expected to begin contacting companies and demanding payment in cryptocurrency in exchange for not posting the companies’ stolen data online, he said.
The flaw was the subject of numerous security alerts in recent days, including warnings from the US Department of Homeland Security, Microsoft Corp. and Mandiant, a subsidiary of Alphabet Inc.’s Google Cloud. Microsoft said a criminal hacker group that engages in ransomware and extortion is responsible for the MOVEit hack. The same hackers who breached MOVEit were also responsible for previous hacks of two other secure file transfer products developed by Accellion Inc. and Fortra Inc., Liska said.
“We’re expecting the extortion communications to start anytime within the next four weeks or so,” said Charles Carmakal, chief technology officer at Mandiant. “There is a lot of data that the threat actor has to sort through. When the extortion starts, it will probably carry on for a few months.”
Carmakal said the earliest observed exploitation of MOVEit occurred on May 27.
–With assistance from Margi Murphy.
©2023 Bloomberg L.P.