The MOVEit file transfer zero-day vulnerability was used by the Clop ransomware campaign to compromise the data of UK communications regulator Ofcom.
The ransomware group had access to private data that Ofcom had on the companies it monitors, a representative for the regulator told The Record.
The regulator said it took immediate action to stop further use of the MOVEit service and to put the recommended security measures in place.
The flaw is a SQL injection vulnerability that an unauthenticated attacker could use to gain unauthorized access to the MOVEit Transfer database.
Source: https://securityaffairs.com/147396/data-breach/ofcom-hacked-moveit-zero-day.html
TPRM report: https://scoringcyber.rankiteo.com/company/ofcom
"id": "ofc73619923",
"linkid": "ofcom",
"type": "Ransomware",
"date": "06/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Communications',
                        'location': 'United Kingdom',
                        'name': 'Ofcom',
                        'type': 'Government Regulator'}],
 'attack_vector': 'SQL Injection',
 'data_breach': {'type_of_data_compromised': 'Private data on monitored companies'},
 'description': 'The MOVEit file transfer zero-day vulnerability was used by the Clop ransomware campaign to compromise the data of UK communications regulator Ofcom.',
 'impact': {'data_compromised': 'Private data on companies monitored by Ofcom',
            'systems_affected': ['MOVEit Transfer']},
 'initial_access_broker': {'entry_point': 'MOVEit Transfer SQL Injection Vulnerability',
                           'high_value_targets': 'Private data on companies monitored by Ofcom'},
 'motivation': 'Data Exfiltration and Ransom',
 'post_incident_analysis': {'corrective_actions': 'Implementation of suggested security measures',
                            'root_causes': 'SQL Injection Vulnerability'},
 'ransomware': {'ransomware_strain': 'Clop'},
 'references': [{'source': 'The Record'}],
 'response': {'containment_measures': ['Immediate stoppage of further usage of the MOVEit service'],
              'remediation_measures': ['Implementation of suggested security measures']},
 'threat_actor': 'Clop Ransomware Group',
 'title': 'MOVEit File Transfer Zero-Day Vulnerability Exploited by Clop Ransomware',
 'type': 'Ransomware',
 'vulnerability_exploited': 'SQL Injection vulnerability in MOVEit Transfer'}