(Bloomberg) — Shell Plc is investigating a possible data breach after it was targeted by the Russia-linked hacking gang Clop, which has carried out a spate of recent attacks that exploited a vulnerability in a popular file-transfer product.
The gang listed Shell among a dozen fresh victims, including companies and organizations in the US and Europe, on its website late Wednesday. Besides Shell, the alleged victims included a US university, insurance and manufacturing firms, as well as banks, investment and financial services companies.
While Clop gave affected companies until June 14 to get in touch about its ransom demands, the group doesn’t appear to have published any stolen data on its website as of Thursday morning. Clop gained access via a flaw in the MOVEit product made by Progress Software Corp. Shell said that the tool is used by “a small number of Shell employees and customers.”
“There is no evidence of impact to Shell’s core IT systems,” Amir Paivar, a company spokesman, said. “Our IT teams are investigating.” He added that the company was not communicating with the hackers.
German printing and packaging company Heidelberg was also on the list, though a spokesperson said the incident was countered and didn’t lead to a data breach. Landal GreenParks, a Dutch campsite and recreation company, said that the gang had accessed guest data, including names and contact details of about 12,000 people. A spokesperson said it’s unclear “whether they have taken advantage of that access.” The company informed the Dutch data protection authority and disabled the compromised server.
Clop’s breach of MOVEit, first disclosed earlier this month, has resulted in a spate of attacks affecting a number of high-profile companies. Previously disclosed victims have included IAG SA’s British Airways, the British Broadcasting Corp. and the UK communications regulator Ofcom. Progress said it has issued a patch for the flaw. The gang has claimed it has information from “hundreds of companies” though it’s unclear how many are affected.
British Airways, the pharmacy chain Boots and the BBC told staff that personal information may have been compromised after a cyberattack on their payroll provider, Zellis. Other victims included Aer Lingus, the government of Nova Scotia and the Minnesota Department of Education. In the latter case, the hackers stole files that included about 95,000 names of students placed in foster care throughout the state.
Clop has said it erased data from governments, cities and police agencies. But Kevin Burns, a spokesman for the Minnesota Department of Education, said, “We are taking all of that with a grain of salt.”
“We remain focused on supporting our customers by helping them take the steps needed to further secure their environments, including applying the patches we have released,” Progress said in a statement. “We are also continuing to share information in a transparent way to better enable the entire industry to combat sophisticated cybercriminals intent on uncovering and maliciously exploiting vulnerabilities in commonly used software products.”
Clop, sometimes referred to as Cl0p, is the name of a ransomware variant that has been deployed against companies and organizations around the world, and it also sometimes refers to the hacking gang that uses it. The gang is Russian-speaking and its attacks have caused hundreds of millions of dollars in damage, according to the cybersecurity firm Trend Micro Inc.
While several alleged members of the gang have been arrested, use of the ransomware has continued uninterrupted, according to the US Department of Health and Human Services. Clop is the successor to CryptoMix ransomware, which was believed to have been developed in Russia, and it has frequently been used to target the health-care industry, according to HHS.
In addition to deploying ransomware, which encrypts a victim’s files, Clop hackers sometimes steal data. Hacking groups are moving toward stealing data rather than encrypting files as a way to blackmail victims.
©2023 Bloomberg L.P.