British Airways, Boots and the BBC suspect a potential cyber-attack by the Russian cybercriminal group Clop. The personal data of thousands of staff members of these companies might have been compromised due to a vulnerability exploited through MOVEit.
The attack was said to be orchestrated by Russian hackers to extort money from the companies. It was found to have been carried out through Zellis, a payroll provider used by all three and by many more companies. Zellis confirmed that eight more clients were targeted and attacked through a vulnerability in a third-party tool called MOVEit. It has been frequently reported that MOVEit's vulnerability has been the cause of a lot of cyber-attacks in the past.
British Airways has sent a mail informing its staff that the cyber-attack has compromised their personal information, including name, address, national insurance number and banking details. British Airways also confirmed that the hack had affected staff payment through the payroll provider.
Boots was also affected by the hack, and the personal information of its team members was compromised. The BBC was affected as well, but the bank details of its employees were not compromised.
Investigating the cyber-attack
The National Cyber Security Centre has been informed of the attack. The Microsoft Threat Intelligence Team reported continuing attacks linked to a group of hackers called Lace Tempest. This ransomware operation runs extortion sites and carries out data extraction using strains of ransomware known as Clop. Clop, the Russian hacking group, is known for extorting industrial companies for ransom; if the demand is not met, the sensitive information of the staff is put up for bidding on the dark web. The director of threat research at the US cybersecurity firm Secureworks said that the attack might have been carried out using Clop ransomware and its related websites, where stolen data is advertised.
MOVEit’s verdict on the issue
A MOVEit spokesperson for the US firm Progress Software said that the vulnerabilities had been corrected and that the company will continue to investigate the issue, taking all appropriate measures to ensure no future incidents occur.