Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California.
The ransomware gang stole the data by compromising the Accellion File Transfer Appliance (FTA) application that the universities used to share information.
Multiple universities were recently hit by CLOP operators; experts speculate that all the attacks are linked to the Accellion security breach.
The University told DataBreaches.net that hackers had accessed a limited number of files in its system containing some personally identifiable information.
“In late December, CLOP breached the security of our Accellion file transfer system. This system was used by our students, faculty, and staff to transfer encrypted files. We discovered the breach earlier this week, when the hackers posted evidence that they had accessed a limited number of files in our system containing some personally identifiable information.” said UMD representative Alex Likowski.
The same ransomware gang also breached the Accellion server used by Stanford Medicine at Stanford University.
“Hackers have leaked stolen data belonging to members of the Stanford community — including Social Security numbers, addresses, emails, family members and financial information — after obtaining the data from a compromised file transfer system used by the Stanford University.” reads the statement published by Stanford University.
“The leaked Stanford data is part of a massive data breach affecting numerous businesses and universities that targeted a widely-used file transfer service, Accellion, used by the University.”
In February, security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.
The wave of attacks began in mid-December 2020, when threat actors exploited multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software to deploy a shell dubbed DEWMODE on the target networks.
The attackers exfiltrated sensitive data from the target systems and then published it on the CLOP ransomware gang’s leak site.
It has been estimated that the group has targeted approximately 100 companies across the world between December and January.
FireEye pointed out that although FIN11 hackers are publishing data from Accellion FTA customers on the Clop ransomware leak site, they did not encrypt systems on the compromised networks.
(SecurityAffairs – hacking, Clop ransomware)