Oil And Gas Giant Shell Struck By The CL0p Ransomware Attack

Shell Global, a prominent player in the oil and gas industry, has recently confirmed that it fell victim to a series of cyber attacks that exploited a vulnerability in the MOVEit file transfer system.

The attacks were orchestrated by the Russian-linked ransomware group known as Cl0p.

shell
CL0p leak site (Source: Cybernews)

The group also claims to have published the stolen data of Shell on their leak site.

Cl0p, on its leak site, openly accused Shell of refusing to negotiate, leading to the disclosure of the company’s sensitive information.

shell
Cl0p says they have posted the Shell data on their leak site (Source: Cybernews)

However, Shell’s US spokesperson, Anna Arata, firmly stated that they have not spoken with the Cl0p gang.

Global Impact

Progress, the third-party company that provided the MOVEit file transfer system to Shell, is an American software company with a wide range of clients globally.

This highlights the potential ripple effects of the attacks, as other organizations utilizing Progress’s services may have also fallen victim.

The MOVEit zero-day vulnerability, identified as CVE-2023-34362, has been actively exploited by threat actors to steal data from organizations worldwide.

Security experts have discovered thousands of publicly accessible MOVEit Transfer instances, with a significant concentration in the United States.

While Shell admitted being one of the victims of the MOVEit breach, it stressed that the impact on its core IT systems had been minimal.

Other Known Victims

It is worth noting that the Cl0p gang claims to have breached over 200 companies worldwide through the MOVEit spree, exploiting a zero-day bug via SQL database injection.

UK’s communications regulator Ofcom and payroll services provider Zellis have also fallen victim to the Cl0p gang’s ransomware campaign, potentially exposing the personal data of employees at BBC, British Airways, Boots, and Aer Lingus.

Aer Lingus further confirmed the breach saying, “some current and former employee information” has been exposed.

Federal Institutions Have Minimal Impact

The US Cybersecurity and Infrastructure Security Agency (CISA) has also confirmed that several US federal agencies were impacted by the MOVEit attacks.

However, it seems like the Cl0p gang is not interested in involving with the government data.

shell
Cl0p says they do not keep government data (Source: Cybernews)

The group announced on their leak site that they have deleted all the government data and that their core motivation is money only.

While the immediate impact on these organizations remains uncertain, the growing list of victims heightens the risk.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

UK Electoral Commission Hit By Massive Data Breach: 40 Million Voter Records Exposed

19 Year Old Spanish Hacker Arrested for Stealing Sensitive Data of Over Half a Million Taxpayers and Boasting About It on Podcast

North Korean Hackers Target South Korean Shipbuilding Industry for Naval Secrets

Microsoft AI Researchers Accidentally Leaked 38 Terabytes of Private Data