Vulnerabilities in the file transfer software MOVEit Transfer have left many companies and institutions worldwide vulnerable to cybercriminals. A group calling themselves “Cl0p” has been copying sensitive data and demanding ransoms. Recently, it was discovered that several US authorities and government institutions have fallen victim to these attacks. Initially, Cl0p stated that they were only interested in targeting companies and deleting data stolen from authorities. However, the US Department of Energy has received two blackmail letters from the group. The cybercriminals have been exploiting vulnerabilities in MOVEit Transfer, gaining unauthorized access to victims’ intranet. Progress Software, the software’s manufacturer, has released updates to address these vulnerabilities. According to the US IT security authority, hundreds of US companies and institutions may have been affected. The exact names of the victims have not been disclosed. Notably, the US Department of Energy, including the Oak Ridge university consortium and a waste sorting test facility, were affected. Cl0p has already published names of victims, including banks and prominent companies, but no evidence of the stolen data has surfaced. While Cl0p claims to be interested only in company data and deleting stolen information from government institutions, the two blackmail letters contradict this. The group communicates partly in Russian, suggesting a possible origin in Russia.
