Shell, a major player in the oil and gas industry, has confirmed that it is one of the victims of a large-scale ransomware campaign conducted by the notorious Clop gang. The cybercriminals have exploited a zero-day vulnerability in the MOVEit Transfer tool from Progress to carry out their attacks. This zero-day vulnerability is tracked as CVE-2023-34362 and is being actively exploited by threat actors to steal sensitive data from organizations worldwide.
Upon discovering the security breach, Shell immediately launched an investigation into the incident. Fortunately, the company has stated that the attack had no impact on its core IT systems. However, a small number of Shell employees and customers who utilize the third-party tool MOVEit Transfer have been affected. Shell spokesperson Anna Arata confirmed that the company’s IT teams are actively investigating the situation to assess any potential risks and take appropriate actions.
The Clop ransomware gang, responsible for this campaign, claims to have successfully hacked hundreds of companies by leveraging the aforementioned zero-day vulnerability. Interestingly, researchers have found evidence indicating that the Clop gang had been searching for a zero-day exploit in the MOVEit software as early as 2021. As of now, the ransomware group has already listed 27 companies as victims on their dark web leak site, claiming to have compromised them by exploiting the CVE-2023-34362 vulnerability.
In response to media reports suggesting that government data had been compromised, the Clop gang posted a message on their leak site denying any involvement in such activities. They emphasized that their primary motivation is financial gain and they have no interest in politics or government data. They also stated that if companies place their data on unprotected and unencrypted file transfer services, they should not blame the hackers for their actions.
Worryingly, a cybersecurity firm discovered approximately 2,500 publicly accessible instances of MOVEit Transfer on the internet, with a significant number located in the United States. The United Kingdom, on the other hand, had 127 installations of the tool. As a result, the UK's communications regulator Ofcom has also fallen victim to the ongoing Clop ransomware campaign. Additionally, Zellis, a payroll services provider, was targeted, leading to data breaches affecting various companies. Among the impacted firms are the BBC, British Airways, Boots (a health and beauty retailer and pharmacy chain), and Aer Lingus (an airline).
It is worth noting that Shell had previously disclosed a data breach in March 2021 resulting from the compromise of an Accellion File Transfer Appliance (FTA) utilized by the company. The recent attack underscores the persistent and evolving threat landscape faced by organizations, emphasizing the critical importance of robust cybersecurity measures to safeguard sensitive data and prevent unauthorized access by threat actors.