Hackers from the Clop group attacked hundreds of companies and government agencies in the United States

Russian hackers carried out a large-scale cyber attack on Western countries and stole the data of hundreds of companies and government agencies. So far only companies and agencies in the US and the UK have been named; the BBC, British Airways, Shell and the US Department of Energy stand out among the largest targets. Responsibility for the attack was claimed by the Clop group (also spelled Cl0p), which the world media traditionally associates with Russia.

“We have data from hundreds of companies, so the conversation between us will be simple” – representatives of the Clop group

American government agencies attacked by “Russian hackers”

In the United States, several government agencies were hacked at once. Speaking to CNN, Eric Goldstein, executive assistant director of the US Cyber Security Agency (CISA), commenting on the attack, acknowledged that the department is “providing support to several federal agencies that have experienced intrusions” into their infrastructure.

“We are doing urgent work to understand the consequences of the attack and ensure they are dealt with in a timely manner,” Goldstein said, adding that hundreds of American companies could also be among those whose documents were stolen. The exact list of departments is still being kept secret, but Bloomberg learned that it includes the US Department of Energy, one of the national laboratories, and a radioactive waste repository.

Reuters added that the list of victims included the British oil and gas giant Shell, as well as Johns Hopkins University. Shell acknowledged the problem; however, it did not talk about the extent of the damage done.

Who was accused of the attack and what do the hackers want

Western media believe that cybercriminals from the Clop ransomware group are behind the attack. It includes Russian-speaking members, which is why they are considered “Russian hackers” in the Western media. Clop positions itself as a team pursuing purely financial goals: they infect systems in order to receive a ransom. However, US officials note that so far none of the country’s infected government agencies has received ransom demands.

In their darknet blog, Clop members admitted that they are behind the massive attack on American organizations. They wrote that they consider themselves one of the best groups “providing pentest services after the fact”, and also made a number of statements regarding the fate of the infected organizations.

“If you represent government agencies, city services or law enforcement agencies – do not worry, we will delete all your data that is in our possession. You are not of interest to us, we do not plan to publish the information received.” – representatives of the Clop group

The hackers intend to demand a ransom from commercial companies, threatening to publish the data obtained otherwise. The amount of the ransom is determined in the correspondence. According to American media, it could be millions of dollars in each case. Shell, for example, has already stated that it will not negotiate.

Hackers used a vulnerability in popular software

The attack, as a result of which hackers stole the data of hundreds of companies, has been going on for more than two weeks, and American companies and government agencies have become the second link in the chain. At the top of the list were the BBC, British Airways and others. To prove the hack, Clop representatives have already published the data of 13,000 London drivers online.

The attack uses a so-called zero-day vulnerability in the MOVEit Transfer software, which thousands of companies around the world use to securely transfer files between partners and customers. Progress Software, whose subsidiary (Ipswitch) released MOVEit Transfer, acknowledged the problem and began to fix the discovered vulnerabilities, the number of which continued to grow (on the morning of June 15 it eliminated the third problem, and the number of undetected vulnerabilities is still unknown). Researchers at Kroll reached even more disappointing conclusions: according to them, hackers from Clop found a vulnerability back in 2021 and kept testing it until they finally launched a massive attack.

This is not the first such action in the history of Clop ransomware. Prior to that, they claimed responsibility for attacks carried out using vulnerabilities in other popular services for secure data transfer (Accellion FTA in 2020 and Fortra GoAnywhere in early 2023). At the time, the group did not disclose the ransom amounts received.

In addition, on June 14, several hacker groups at once announced plans to carry out a large-scale attack on the European banking system. As Lenta.ru learned, Killnet hacktivists, representatives of REvil, which had been considered defeated, and members of Anonymous Sudan have united their efforts to achieve this goal. The alliance called this attack “the strongest cyber attack in the recent history of the world.” Its targets are “many European banks”; it is also stated that this will not be a DDoS attack. The cyber activists have made it clear that they consider money to be the main problem of the modern world. In particular, they are embarrassed that European states finance Kyiv.