First Big MoveIT Victim Discloses Data Theft
The BBC and multiple governments have had data theft via MoveIT zero day. Read the story of the first big MoveIT victim and the vendor response.
Kevin Beaumont
@gossithedog@cyberplace.social on Mastodon - https://t.co/r8moXSpOva
-
First big MoveIT victim discloses. https://t.co/bWYAYmi3Gy
— Kevin Beaumont (@GossiTheDog) June 5, 2023 -
Second MoveIT victim disclosed (there are over one hundred orgs, including multiple governments). https://t.co/1l1fmO9jAY
— Kevin Beaumont (@GossiTheDog) June 5, 2023 -
LBC are reporting the BBC have also had data theft via MoveIT zero day.
— Kevin Beaumont (@GossiTheDog) June 5, 2023 -
I have a whole thread tracking this one since last week.
— Kevin Beaumont (@GossiTheDog) June 5, 2023
All MoveIT Transfer customers should assume breach and do incident response - it’s not a niche thing, cl0p ransomware group did a smash and grab over a week ago. They hit some really big orgs. https://t.co/7769D5KkED -
The vendor response here has been top notch.
— Kevin Beaumont (@GossiTheDog) June 5, 2023
They’re obviously going to get publicly pummelled for this but they’re the victim - they’ve been really transparent with customers, they emailed everybody straight away saying disconnect network etc. They deserve kudos for owning it -
The really big problem is this is the third zero day cl0p ransomware/extortion gang has used against enterprise software. Traditionally ransomware groups are often idiots with old techniques.
— Kevin Beaumont (@GossiTheDog) June 5, 2023
These groups are damaging society - Five Eyes nations gotta get much tougher on this.