Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear.
The Clop ransomware gang's threat campaign against customers of Progress Software's MoveIt Transfer product has potentially led to the compromise of hundreds of organizations, but experts are uncertain about how successful the campaign has been for the threat actors.
In the month and a half since CVE-2023-34362 -- a critical SQL injection zero-day flaw affecting managed file transfer software MoveIt -- came to light, dozens of organizations have disclosed breaches as a result of the flaw's exploitation. In the weeks since exploitation, the threat actor at the center, Clop, has named many organizations to its data leak site.
Emsisoft threat analyst Brett Callow, who has been tracking the campaign, tweeted Tuesday that more than 270 organizations have been affected to date. Many of the victims include those named to Clop's data leak site, although some listed organizations have denied that a MoveIt-related data breach against them has taken place.
Security experts broadly expressed uncertainty to TechTarget Editorial regarding how successful the threat campaign against MoveIt customers has been for Clop. The experts argued that because the campaign did not involve ransomware encrypting victims' networks, there was likely less pressure on victims to pay a ransom.
On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss Clop's exploitation campaign of CVE-2023-34362, the scope of the attacks and how the ransomware threat landscape is changing.
Alexander Culafi is a writer, journalist and podcaster based in Boston.