A zero-day vulnerability in MOVEit software has been exploited by the Clop ransomware attack that targets Oil and Gas giant Shell and has been used to mount the attack. Threat actors have been actively exploiting the vulnerability, identified as CVE-2023-34362, to steal data from organizations throughout the world. This is to gain access to sensitive information. Shell is investigating this security breach to determine whether it affected the company’s core information technology systems or not.
The Clop gang has targeted Shell’s file transfer service for the second time since being infiltrated by the Clop gang in 2013. They broke into the company’s global network of more than 80,000 employees and reported revenues of $381 billion.
It has been reported that Shell US spokesperson Anna Arata has been informed that a cyber security incident has affected a third-party software program from Progress called MOVEit Transfer, which is used by some Shell employees and customers. Arata stated that “so far, there has been no evidence that damage has occurred to Shell’s core information systems.” In addition, she mentioned that Shell’s IT teams are trying to identify any risks and take the appropriate action to manage them.
In Rapid7’s investigation undertaken on May 31, the experts discovered that approximate
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: