Stolen Info Now Available On .com Domain


The MOVEit-related cyber attack on PricewaterhouseCoopers (PwC) has taken another turn as the Clop ransomware gang announced the release of the stolen data on a new website with a .com domain.

This information, allegedly from the PwC data breach, is set to be made public at the URL “pwcclinetsanddocuments.com,” as stated by the threat actors themselves.

[Image: PwC data breach. Source: Twitter]

The cybercriminals have taken an audacious step by creating a web version of PwC’s official website, pwc.com, where all the pilfered files from the PWC data breach will be published.

“Updates, For your convenience, we have made a web version of PwC clients of the company PWC.com where all the files will be published,” read the message by the hacker collective.


This move poses significant risks, as sensitive information about PwC’s clients could now be readily accessible to anyone on the internet.

PWC data breach and MOVEit vulnerability crisis 

Last month, PricewaterhouseCoopers (PwC) acknowledged falling prey to a widespread cyberattack campaign that targeted the MOVEit file transfer tool.

This campaign exploited a vulnerability in the tool, and PwC confirmed its use of Progress’ MOVEit product, which led to some impacts on both the company and its clients.

However, PwC emphasized that the effects were “limited” and that its own IT network remained uncompromised, reported CRN.

It’s important to note that Progress’ MOVEit tool has faced multiple vulnerabilities recently, the most prominent being CVE-2023-34362.

Cyber attackers, notably the Clop ransomware group, have exploited this particular flaw in recent weeks. The MOVEit vulnerability allowed unauthorized access and the potential for escalation of administrative privileges. 

Furthermore, the MOVEit cyber attack has caused significant turmoil for several prominent companies.

Recently, major accounting firms like Ernst & Young (EY) have also fallen victim to the vulnerabilities of the MOVEit platform.

This supply chain cyber attack, orchestrated by the Clop ransomware gang, has resulted in a series of data breaches affecting numerous high-profile brands, including Health Service Ireland (HSE) and payroll services provider Zellis.

Other victims include Radisson Hotels Americas, The National Student Clearinghouse, Ameritrade and many more.

In fact, according to KonBriefing, the number of MOVEit cyber attacks has now reached an astonishing 377. Among these, it has been reported that over 251 companies in the US have become direct victims of attacks exploiting the MOVEit vulnerability, followed by Germany, which has a total of 31 victims as of July 19, 2023.

MOVEit vulnerability victims: The list soars to a new level

The Clop ransomware group, a notorious threat actor and one of the most influential ones right now, added several prominent organizations and educational institutions to its growing list of victims.

Among those affected are renowned companies such as ITT, Allegiant Air, American Airlines, Estée Lauder, Sierra Wireless, and more.

Even regulatory bodies like Ireland’s Commission for Communications Regulation and Britain’s Ofcom have not escaped the clutches of this cyber menace.

Moreover, the MOVEit cyber attack spree has extended its reach to the academic realm, affecting universities across various US states, including Alaska, Colorado, Dayton, Delaware, Georgia, Idaho, Illinois, Loyola, Missouri, Oklahoma, Rochester, Southern Illinois, Temple, Utah, Wake Forest, Washington State, Webster, and Worcester State.

This is an ongoing story as the number of MOVEit victims is expected only to increase. The Cyber Express is following this story and will update the post once we have more information on the breach and any further statements from the company. 
