Extreme Networks emerges as victim of Clop MOVEit attack


Extreme Networks has disclosed that it is the latest technology firm affected by the fast-developing MOVEit cyber attack, with downstream customers of the network hardware and services supplier potentially at risk of having had their data stolen by the Clop (aka Cl0p) cyber extortion operation.

In a message published on Wednesday 7 June, Extreme Networks CISO Philip Swain said: “We recently learned that our instance of the Progress Software MOVEit Transfer tool was impacted by a malicious act. We took immediate action, using our security protocols, and have contained impacted areas.

“Our investigation is ongoing, and if it is determined customer information has been impacted, we will communicate directly with those customers and disclose all relevant information,” said Swain.

The disclosure came after Computer Weekly’s sister title LeMagIT contacted Extreme Networks on Tuesday 6 June, having learned of an instance of the affected managed file transfer service, MOVEit Transfer, associated with Extreme Networks’ domain. This instance was supposedly exhibiting behaviour symptomatic of the CVE-2023-34262 exploit chain.

Later the same day, the instance was found to be unresponsive and appeared to have been disconnected from the public internet. Extreme Networks had not responded to LeMagIT’s request for clarification at the time of writing.

CVE-2023-34262 is a SQL injection vulnerability in MOVEit Transfer that Clop has apparently been working on weaponising for a considerable length of time. It is the latest in a series of file transfer products to have been compromised by Clop and turned against their users.

To date, the highest profile victim of the prolific cyber gang’s new wave of attacks has been Zellis, an HR and payroll software supplier.

A number of Zellis customers, including the BBC, Boots and British Airways, have had their employee data exfiltrated by Clop, which is currently demanding the victims make contact with it by 14 June to negotiate a ransom.

In poorly worded statements posted to its leak site, Clop has previously implied that if an organisation uses MOVEit Transfer, there is a high chance it has obtained their data.

Over 2,000 known instances of MOVEit Transfer were exposed to the internet at the point of disclosure, and it is not possible to put a figure on how many impacted customers these organisations may have.

Given how the exploit has been used, the addition of Extreme Networks to the list might be of concern to its 50,000 worldwide customers, although at the time of writing, there is no evidence to show that any of them have been compromised.

Extreme Networks has a very strong presence in the sports and leisure sector, with UK customers including Premier League sides Liverpool and Manchester United.

UK victims in demand

Cybersixgill, an Israel-based threat intelligence specialist, said that in the past few days, its research team had uncovered a number of posts on dark web forums specifically requesting data on UK-based victims, with one offering up to $100,000, although they specifically referenced Zellis customers.

In emailed comments, Cybersixgill told Computer Weekly that the threat actor had additionally claimed that the data would be used “by a team dedicated to leveraging UK-sourced data”.


