Cyberextorsion : 2023, année de l’industrialisation
L’année qui s’achève aura été notamment marquée par plusieurs campagnes d’exploitation de vulnérabilités inédites, en masse, par Cl0p, à des fins de cyberextorsion. Une première à cette échelle. L'...
Clop Ransomware: History, Timeline, And Adversary Simulation
The infamous Clop ransomware, mainly known as Cl0p, targets various industries and organizations, extorting data for a huge amount of ransom. It advances actively with new emerging campaigns. This blog walks through the Clop timeline, Mitre TTPs and their emulation.
Campagne MOVEit : Cl0p divulgue une grande quantité de données volées à Cegedim
Le groupe Cl0p a poursuivi la diffusion des données volées à Cegedim à l’occasion de sa campagne de cyberattaques contre les instances MOVEit Transfer. Il met désormais à disposition plus de 1,5 To de données.
Siemens Energy confirms data breach after MOVEit data-theft attack
Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.
‘Several’ US federal agencies affected by MOVEit breach
Top U.S. cybersecurity officials confirmed Thursday that several federal agencies have been impacted by cyberattacks on the widely used MOVEit file transfer tool. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly told reporters that her team and the FBI are working to provide assistance to federal agencies that used MOVEit, which is being exploited by the Russia-based Clop ransomware gang in a widespread breach that appears to have compromised dozens of entities. “We’ve been working closely with Progress Software [which makes MOVEit], the FBI and our federal partners to understand its prevalence within federal agencies,” she said. Earlier in the day, CNN first reported that several government agencies were compromised in the hacks. Easterly said that CISA is providing support to “several agencies that have experienced intrusions of their MOVEit applications.”
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
