Gen Digital - Says Employee Data Stolen in MOVEit Ransomware Attack

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
587
Gen Digital (NASDAQ: GEN), the company behind known cybersecurity brands such as Avast, Avira, AVG, Norton, and LifeLock, has confirmed that employee’s personal information was compromised in the recent MOVEit ransomware attack.

The attack exploited a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) software that Progress Software disclosed on May 31.

Mass exploitation of the bug, which is tracked as CVE-2023-34362 and described as a critical-severity SQL injection, started in late May, but evidence suggests that the attackers knew about the flaw or tested it since 2021.

An exploitation campaign targeting the zero-day has been attributed to the Cl0p ransomware gang, which been publicly naming some of the victims. More than 100 organizations have been impacted by attacks targeting the zero-day.

Cl0p, which previously exploited a zero-day in the GoAnywhere MFT software to steal data from numerous organizations, has added Norton LifeLock to its leak site, cybersecurity analyst and security researcher Dominic Alvieri warned on Monday.

Responding to a SecurityWeek inquiry, Gen confirmed impact from the ransomware attack, revealing the attackers compromised the personal information of employees, including names, addresses, birth dates, and business email addresses.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top