Cl0p Cybercrime Gang Delivers Ultimatum After Payroll Breach

Experts and researchers warn individuals and organizations that the cybercrime group is not to be trusted in their demands.

Dark Reading Staff, Dark Reading

June 7, 2023


Yesterday, a Russian cybercrime gang known as Cl0p delivered an ultimatum, with a deadline of June 14, to multiple companies that were targeted in a recent MOVEit zero-day attack.

In a notice posted on the Dark Web, the gang warns companies that were affected by the hack — which resulted in stolen payroll data from over 100,000 members of staff within the BBC, British Airways, and Boots — that if these firms do not email the group by the deadline, the private data will be published.

Other organizations that may have also been breached include Aer Lingus, an international airline, as well as the Nova Scotia government and the University of Rochester.

"This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit," stated a blog post allegedly made by Cl0p.

Analysts at Microsoft first believed that Cl0p was likely behind the attack based on the techniques used (breaking into the MOVEit software and using it to access internal databases), but have since confirmed this theory due to the language used in the gang's blog post.

Experts advise employers and individuals not to panic and not to pay any ransom demands, and for organizations to carry out authorized security checks.
