Ofcom Latest MOVEit Victim as Exploit Code Released

Written by

UK communications regulator Ofcom has become the latest organization to be impacted by the Clop extortion campaign targeting a zero-day bug in MOVEit software.

Ofcom confirmed the news in a brief statement yesterday. Although its own systems were not compromised during the attack, threat actors managed to access information of both the organizations it regulates and its own staff.

Read more on the MOVEit zero day bug: Critical Zero-Day Flaw Exploited in MOVEit Transfer.

“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” Ofcom explained.

“We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”

The news follows an admission by the Irish health service (HSE) late last week that it was also impacted by the data-stealing campaign.

“The HSE became aware yesterday evening (June 8) that an external partner (EY) working with us on a project to automate part of our recruitment process was alerted to a cyber-attack on the technology product MOVEit which they were using to support this work,” it explained in a statement.

“This analysis has determined that is it likely that information relating to no more than 20 individuals involved in recruitment processes was accessed. The data on these recruitment panels is comprised of names, addresses, mobile number, place on the panel and more general information on the posts being recruited. Importantly no other personal identification data or financial data is included.”

Attributed to an affiliate of the Clop ransomware group, the campaign exploited a zero-day vulnerability (CVE-2023-34362) in the popular file transfer software to exfiltrate data from a large number of global companies.

The chances of copycat attacks has theoretically grown in recent days after the release of a proof-of-concept exploit last Friday. Any organizations still running unpatched internet-exposed servers would be advised to urgently update their systems.

Editorial image credit: T. Schneider / Shutterstock.com

What’s hot on Infosecurity Magazine?