Lanon Wee

Gang Denies Accessing BBC, BA and Boots Data Via MOVEit Hack

Cyber criminals have told the BBC that they do not possess information from major British businesses rumoured to have been compromised in a mass hack. A number of companies, including the BBC, British Airways and Boots, have informed employees that sensitive payroll data was stolen during the breach that occurred last month. The alleged hackers, Clop, now claim via email that they do not possess the data in question. It is possible that another group of hackers has the stolen information, or that Clop is not telling the truth. Zellis, the UK payroll provider whose breach gave hackers access to the data of the BBC, Boots and BA, replied that it was unable to comment because a police investigation was in progress.

Since 14 June, Clop has been releasing details of companies it has compromised, in an attempt to coerce payment of a ransom. No major or noteworthy victims' names from the UK have been published at this point. Clop has added the names, websites and company addresses of nearly 50 victims to its darknet website in small batches. They include organisations from over a dozen nations, including the US, Germany, Switzerland, the UK, Canada and Belgium, among them banks, universities, travel firms and software companies. Clop's "leak site" lists various businesses whose data has been independently confirmed as having been taken. Clop has stated that it will publish the stolen data unless victims agree to pay the ransom demanded, which is likely to be in the hundreds of thousands of dollars or higher, via Bitcoin. It is speculated that hundreds of organisations that used the MOVEit file transfer tool have had their information stolen. Among eight large UK organisations that partnered with Zellis, the BBC, British Airways and Boots were affected by the breach in MOVEit.

Yet in email correspondence with the BBC, the cyber criminals repeatedly denied taking the Zellis information. The hackers asserted that they have never misled anyone and that, in this case, they do not possess any information that they had previously told Zellis about. They emphasised that they have been around for a long time and have no intention of deceiving anyone.

Zellis said it has been notified that a few of its customers have been affected by a worldwide issue and that it is currently assisting those customers. The company states that upon learning of the hack, it swiftly took action and disconnected the server on which MOVEit had been installed. It also said it hired an external team of security experts to help deal with the intrusion and informed the relevant UK data regulators.

Cyber security professionals are perplexed by Clop's statements, which further complicate an already complicated situation. Brett Callow, a threat researcher from Emsisoft, suggested that Clop's statements might be concealing the possibility that the group has sold the data it acquired to a different hacking organisation. However, Clop asserted that "nothing was sold to any other hackers". Other experts say there are a number of possibilities. According to Amir Hadžipasić, the head of SOS Intelligence, "there is no valid excuse for Clop not to have the data". "It is possible that if what they are saying is true, other hackers may have infiltrated the system and taken the data before Clop. If Clop is not responsible, that would make the trajectory of this situation less foreseeable. Our files are probably going to end up on the darkweb through some other hacking organization," he continued.

Progress Software, the developer of MOVEit, disclosed the hack on 31 May. The criminals discovered a flaw in MOVEit which they exploited to gain access to the databases of numerous other companies. Since the first details of the MOVEit case were revealed, however, several further security flaws in the program have been identified, indicating that the data may have been stolen by other means by an unrelated party. On Friday, the US announced a reward of $10m for any information connecting the Clop group or any other cyber criminals targeting US critical infrastructure to a foreign government.
