The cyber gang Cl0p is facing pressure from prosecutors following a series of cyber break-ins and subsequent blackmail attempts exploiting a security gap in the software MOVEit Transfer. The US State Department has announced a reward of up to $10 million for information leading to the identification or location of individuals involved in malicious cyber-activities against critical US infrastructure. The department’s Rewards for Justice program has highlighted the vulnerability in MOVEit Transfer that is being exploited by the Cl0p gang and has encouraged members of the public to submit information via Signal, Telegram, WhatsApp, or Tor address.
Cl0p recently made headlines by publishing the names of companies that they had successfully breached using the security flaw in MOVEit Transfer. In a statement on their Darknet website, the group claimed that they were not interested in government information and would delete it immediately if obtained. However, it has since been revealed that the US Department of Energy is among the victims of the gang’s extortion scheme. Other potentially affected entities include the Oak Ridge University Consortium and a waste sorting test facility in New Mexico. It is feared that tens of thousands of individuals and institutions, including employees and contractors, may have had their data compromised.
The US State Department’s decision to offer a reward is not uncommon, as similar bounties have been issued in the past. In 2021, individuals who provided information on the Colonial Pipeline blackmailers were also eligible for up to $10 million in rewards. This move highlights the seriousness with which the US government is treating cybercrime and its commitment to bringing cyber criminals to justice.
