The Nova Scotia cyber attack has been attributed to the MOVEit Transfer vulnerability.
The cyber attack on Nova Scotia, one of the thirteen provinces and territories of Canada, has impacted an undisclosed number of users with their data being exposed to hackers.
They gained access to the Nova Scotians’ data by exploiting the MOVEit Transfer vulnerability, disclosed the provincial administration.
Upon being notified by the file transfer service, MOVEit, the province of Nova Scotia took the systems offline. In a news release by the Nova Scotia administration, the authorities stated that the personal information of an unknown number of persons was breached in the Nova Scotia cyber attack.
Nova Scotia cyber attack: MOVEit in question
Addressing the security issue arising from the breach of the file transfer service, MOVEit vulnerability, the officials said the staff was in the process of finding more details about the Nova Scotia cyber attack.
The administration is yet to confirm the number of systems compromised and how the amount of data exploited in the Nova Scotia cyber attack. The Cyber Express has emailed the administration, and we will update this report with the latest developments.
The provincial government was alerted about the Nova Scotia cyber attack on June 1 via a vulnerability in a company software that it was a client of. Following this, the province tool the system offline and installed security measures to prevent further damage.
“The Province will contact impacted Nova Scotians directly once they have been identified and will share more information as the investigation continues,” the news release said. Nova Scotia used the MOVEit Transfer services to share information within the government efficiently.
On June 2, the Cybersecurity & Infrastructure Security Agency (CISA) released an advisory mentioning the critical vulnerability CVE-2023-34362 in MOVEit Transfer: an SQL Injection flaw.
Stating the severity of exploitation of similar vulnerabilities, the CISA advisory wrote, “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
Nova Scotia cyber attack and the MOVEIt Transfer vulnerability
Although it was not determined how many individuals and systems were impacted by the Nova Scotia cyber attack, provincial Cyber Security and Digital Solutions Minister Colton LeBlanc told reporters that the staff was doing some work manually.
“At this time, staff are manually going through all of the files that were accessed to identify what information was stolen and who it belongs to,” he said.
The developers of the MOVEit software are from the Burlington, Massachusetts-based company Progress, formerly Ipswitch.
The MOVEit Transfer vulnerability may also have impacted the Justice Department, according to a Halifax Examiner report. However, this was not confirmed by Minister Colton Leblanc.
“Active exploitation of this vulnerability has been observed in the wild, which could lead to escalated privileges and potential unauthorized access to an environment,” said a threat analysis report by cybersecurity company Reliaquest.
“ReliaQuest observed exploitation of this vulnerability since at least May 27, 2023.”
This was four days before the company publicly addressed the zero-day vulnerability. It can be inferred that more victims will come forward with data breach notifications in the near future.
Also, hackers will also likely contact and threaten targeted companies with their ransom demands failing which they will leak their data on the dark web. Mass data exploitation has occurred owing to the MOVEit Transfer vulnerability exploitation.
So far, a group dubbed Lace Tempest has been associated with the hacking of data exploiting this MOVEit Transfer vulnerability, Microsoft reported.
Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Cl0p extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims,” the software company tweeted.
According to Microsoft, such exploitation of vulnerabilities is often followed by the deployment of a web shell data exfiltration tactic.