NortonLifeLock Hacked!

NortonLifeLock has fallen victim to a cyberattack by Cl0p. Online reports indicate that the Cl0p ransomware gang successfully hacked into the company’s systems, exploiting the Moveit vulnerability. 

Since the news about NortonLifeLock being hacked by the ransomware gang was shared online, threat analyst Brett Callow shared another Tweet stating that Cl0p listed NortonLifeLock, along with over 80 other companies, on their Darknet leak page.

The tweet also mentions that Cl0p claims that the number of victims is in the hundreds. 

While it is not entirely clear which specific MOVEit vulnerability was exploited in this Norton LifeLock breach, The Cyber Express reported three main vulnerabilities exploited in the MOVEit incident. 

In response to a query by The Cyber Express, NortonLifeLock shared an update on the NortonLifeLock hack situation.

“We use MOVEitfor file transfers and have remediated all of the known vulnerabilities in the system. We have confirmed that there was no impact on our core IT systems and our services and that no customer or partner data has been exposed.” 

“Unfortunately, some personal information of Gen employees and contingent workers was impacted, which included information like name, company email address, employee ID number, and in some limited cases, home address and date of birth,” said a NortonLifeLock spokesperson. 

NortonLifeLock hacked along with other victims

The cybersecurity community has been abuzz with discussions about the vulnerability in Progress’ MOVEit MFT solution, which allowed hackers to send external login requests to the cloud SQL database.

With brute force tactics, the attackers gained full access to the web repository, enabling them to upload and manage existing files.

Despite a patch being released soon after the vulnerability’s discovery, it was already too late for NortonLifeLock and many other companies.

However, there seems to be a glimmer of hope for the victims of the MOVEit vulnerability.

The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced a $10 million reward for anyone providing actionable intelligence on the Cl0p ransomware group. 

This joint effort to combat cybercrime aims to encourage individuals with valuable information about the ransomware group’s activities to come forward and assist in the fight against these malicious actors.

The US State Department program, Rewards for Justice, also used social media to publicize the substantial reward against Cl0p.

The $10 million reward incentivizes individuals with information that could link the Cl0p ransomware group or any other malicious cyber actors targeting US critical infrastructure to a foreign government.

The announcement caused a temporary halt in the hackers’ activities as they realized the magnitude of the consequences they could face with such a substantial reward on their heads.

NortonLifeLock hacked while threat actor exploit vulnerabilities

The MOVEit cyber attack orchestrated by the Cl0p ransomware group inflicted significant damage on numerous organizations.

Exploiting the vulnerability, the group gained access to MOVEit Transfer and targeted the Zellis payroll service platform, exfiltrating vast amounts of system data.

The initial vulnerability, later identified as CVE-2023-34362, was discovered by Progress’s MOVEit on May 31.

Starting in early June, Cl0p began launching cyber attacks on clients utilizing MOVEit or Zellis. High-profile companies such as BBC, British Airways, Aer Lingus, and even the Canadian government’s Nova Scotia website found themselves on the list of victims.

The group initially set a deadline of June 12, which was later extended to June 14, threatening to leak the exfiltrated data if their demands were unmet.

As the attacks continued, the Cl0p gang expanded their victim list to include prestigious institutions such as Johns Hopkins University, the University of Georgia, Shell, and Putnam Investments.

Additionally, numerous government websites, including the US Energy Department, received ransom notices from the group, highlighting the widespread impact of the cyberattack.

As of June 16, the Cl0p gang had already named 63 victims in connection with exploiting the MOVEit vulnerability, according to Threat Analyst Brett Callow.

While the exact extent of the damage caused by the cyberattack is still being assessed, the joint efforts of law enforcement agencies and the significant reward offered provide hope in the ongoing battle against cybercrime and ransomware attacks.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.