cyber Vulnerability

Ofcom

Oct 4, 2023 1 min read
Ofcom

The MOVEit file transfer zero-day vulnerability was used by the Clop ransomware campaign to compromise the data of UK communications regulator Ofcom.

The ransomware group had access to private data that Ofcom had on the companies it monitors, a representative for the regulator told The Record.

According to the organization, they took immediate action to stop further usage of the MOVEit service and to put the suggested security measures into place.

A SQL injection vulnerability exists, and it might be used by an unauthenticated attacker to access the database of MOVEit Transfer without authorization.

Source: https://securityaffairs.com/147396/data-breach/ofcom-hacked-moveit-zero-day.html

TPRM report: https://scoringcyber.rankiteo.com/company/ofcom

"id": "ofc73619923",
"linkid": "ofcom",
"type": "Ransomware",
"date": "06/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Communications',
                        'location': 'United Kingdom',
                        'name': 'Ofcom',
                        'type': 'Government Regulator'}],
 'attack_vector': 'SQL Injection',
 'data_breach': {'type_of_data_compromised': 'Private data on monitored '
                                             'companies'},
 'description': 'The MOVEit file transfer zero-day vulnerability was used by '
                'the Clop ransomware campaign to compromise the data of UK '
                'communications regulator Ofcom.',
 'impact': {'data_compromised': 'Private data on companies monitored by Ofcom',
            'systems_affected': ['MOVEit Transfer']},
 'initial_access_broker': {'entry_point': 'MOVEit Transfer SQL Injection '
                                          'Vulnerability',
                           'high_value_targets': 'Private data on companies '
                                                 'monitored by Ofcom'},
 'motivation': 'Data Exfiltration and Ransom',
 'post_incident_analysis': {'corrective_actions': 'Implementation of suggested '
                                                  'security measures',
                            'root_causes': 'SQL Injection Vulnerability'},
 'ransomware': {'ransomware_strain': 'Clop'},
 'references': [{'source': 'The Record'}],
 'response': {'containment_measures': ['Immediate stoppage of further usage of '
                                       'the MOVEit service'],
              'remediation_measures': ['Implementation of suggested security '
                                       'measures']},
 'threat_actor': 'Clop Ransomware Group',
 'title': 'MOVEit File Transfer Zero-Day Vulnerability Exploited by Clop '
          'Ransomware',
 'type': 'Ransomware',
 'vulnerability_exploited': 'SQL Injection vulnerability in MOVEit Transfer'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.