Russian-Speaking Cyber Gang Boasts Responsibility for BBC and British Airways Employee Data Breach
The hackers, known as the CLOP ransomware gang, say they have “information on hundreds of companies.”
16 June 2023
US and UK cybersecurity officials are scrambling to respond to a sweeping hack that has compromised employee data at the BBC and British Airways. Credit for this extensive breach has been claimed by a group of Russian-speaking cyber criminals.
The CLOP ransomware gang, notorious hackers, have declared possession of "information on hundreds of companies."
T have set a deadline of June 14 for the victims to engage in ransom negotiations, failing which they intend to commence the publication of data from the allegedly hacked companies.
Claiming responsibility for a widespread cyberattack that targeted the BBC, British Airways, and resulted in a scramble among cybersecurity officials in the US and UK, a group of Russian-speaking cyber criminals has emerged. Referred to as the CLOP ransomware gang, these hackers assert that they possess "information on hundreds of companies." They have set a deadline of June 14 for victims to engage in ransom negotiations, failing which they intend to publish the data they claim to have obtained from the hacked companies. This extortion threat adds urgency to an already high-stakes security incident that has prompted swift responses from technology firms, corporations, and government agencies across the US, Canada, and the UK.
Both the BBC and British Airways experienced a compromise of employee data, which was facilitated through a breach at Zellis, a human resources firm utilized by both organizations.
On Wednesday, a spokesperson from the BBC stated, "We have been informed about a data breach that occurred at our third-party supplier, Zellis, and we are collaborating closely with them as they conduct an urgent investigation to determine the scope of the breach." The spokesperson refrained from commenting on the extortion threat made by the hackers.
Apply to Xartup Fellowship Program
Get ₹1.5 Crore Technical Funding
The company, British Airways, has taken measures to support and advise the affected individuals whose personal information has been compromised, according to a spokesperson.
In a recent incident, a renowned hacking group, known for their preferred malware since 2019, started exploiting a newly discovered vulnerability in a widely utilized file-transfer software called MOVEit. Their objective seemed to be targeting as many exposed organizations as possible, displaying an opportunistic approach to hacking and leaving a wide range of organizations susceptible to extortion.
While it remains uncertain how many agencies, if any, have fallen victim to this attack, it is worth noting that numerous US state government agencies rely on the MOVEit software.
In response to the hack, the US Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all federal civilian agencies update their MOVEit software. CISA clarified that no federal agencies have been officially confirmed as victims thus far. Additionally, CISA, in collaboration with the Federal Bureau of Investigation, has provided guidance on addressing the CLOP hack. Progress, the company that owns the MoveIT software, has also advised victims to update their software packages and issued security recommendations.
CISA's Executive Director for Cybersecurity, Eric Goldstein, stated that close coordination with Progress Software and the FBI is ongoing to assess the impact on federal agencies and critical infrastructure. However, the response to the cyber attack is an ongoing effort. According to Charles Carmakal, the chief technology officer at Mandiant Consulting, a Google-owned firm that has conducted an investigation into the hack, the CLOP hackers appear to be overwhelmed by the sheer number of victims. In contrast to previous campaigns where they directly contacted victims through email or telephone calls, they are now requesting victims to initiate contact via email, as stated by Carmakal in a LinkedIn post on Tuesday night.
Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, also expressed his concerns, stating that the sensitive nature of the data typically stored on MOVEit servers suggests there will likely be significant consequences resulting from the data theft. However, the full extent of the fallout from this attack may not be fully understood for several months.