Most people reading these posts will be fully aware of the huge cyber attack which happened at the back end of May which targeted a vulnerability in the file transfer code of the financial software MOVEit.
I have posted a few times about this breach, which has shaped up to be the worlds largest leak of personal data:
(09/06/23) Blog 160 – Clop like to MOVEit MOVEit
(19/06/23) Blog 170 – Cl0P Ransomware – Cyber Advisory
(27/06/23) Blog 178 – Cl0p list of victims growing by the day
As you would suspect, being the perpetrators of the worlds largest data breach, Cl0p are being scrutinised by security researchers all over the world. One such group of researchers at the German cyber security firm KonBriefing have started tallying up some facts and figures about the victims of the breach.
Attack timeline
Victim data
The number of known victims currently stands at a massive 431 organisations and over 22 million individuals. The scale of the breach is staggering, and will have ramifications for those affected for many years to come, with a rise in targeted phishing attacks, compromised accounts, acts of fraud, and much more.
With regards to the locations of the companies affected, the USA has the largest number of victim organisations, with Germany and the Canada coming in 2nd and 3rd respectively. The UK has the 4th largest number of affected organisations.
It is very likely that more companies will be added to this list over the coming months.
Clear web downloads
The sheer scale of the data stolen by Cl0p in these attacks is staggering. In some cases, the amount of data leaked has been too much for the dark web to manage.
Tor is notoriously slow when it comes to file transfer, so in the cases of PwC, Ernst & Young, Ameritrade, and a couple of others, Cl0p offered the data for download over the clear (surface) web.
All of the clear web sites published by Cl0p have been quickly closed down, whether this is down to DDoS attacks from others, take-downs by law enforcement, or removal by conscientious hosting providers is unknown.