Ofcom data stolen in MOVEit cyber attack
Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang
UK communications regulator Ofcom has revealed it is among the organisations to have been compromised by the Russian-speaking Clop cyber crime gang following its exploitation of a SQL injection vulnerability in Progress Software’s MOVEit Transfer managed file transfer service.
Ofcom confirmed earlier today that a “limited amount” of information about companies it regulates – some of it confidential – alongside the personal data of 412 of its own employees, was downloaded in the attack.
“The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously,” an Ofcom spokesperson said.
“We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.
“No Ofcom systems were compromised during the attack,” they added.
NordVPN chief technology officer Marijus Briedis commented: “Stealing personal and company data from under the nose of the UK’s media regulator will be another feather in the cap of the cyber criminals behind the MOVEit hack.
“The large scale of the attack and high-profile victims like the BBC, British Airways and now Ofcom suggests this was meticulously planned….
Briedis added: “This significant data heist will raise the attackers’ profile within the competitive ransomware-for-hire market that exists on the dark web. It also shows the ongoing risk of supply chain attacks on the UK, with opportunistic hackers looking to prey upon third-party services as a path to landing a big fish further down the line.”
As the clock ticks closer to Clop’s deadline for victims to contact it – lest they find their data leaked online – details of more victims continue to emerge.
Ireland’s Health Service Executive (HSE) – previously the victim of a major ransomware attack by the Conti cyber crime syndicate – is among those to have disclosed a breach following the attack.
Like a number of other victims, the HSE was compromised in a so-called supply chain attack via the systems of an external service provider that used MOVEit Transfer, in this case professional services firm EY.
Progress Software’s woes continue
Prior to the weekend, Progress Software, the company behind MOVEit, disclosed another vulnerability in the product, uncovered with the help of third-party researchers, which may have a similar impact.
A patch for this vulnerability was released on 9 June. MOVEit Transfer users can find more details about the vulnerability here.
Read more about the MOVEit incident
- 31 May: Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software’s managed file transfer product, which was disclosed this week.
- 5 June: Microsoft said the recently disclosed zero-day flaw in Progress Software’s managed file transfer product is being exploited by threat actors connected to the Clop ransomware gang.
- 6 June: The BBC, Boots and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer product, exploitation of which is spreading fast.
- 7 June: The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked.
- 8 June: The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years.
- 9 June: Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack.
- 9 June: Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning.