Pierluigi Paganini June 22, 2023

Norton parent firm, Gen Digital, was the victim of an attack that exploited the recently disclosed MOVEit zero-day vulnerability.

Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services. 

The company owns multiple brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.

Gen Digital said it was the victim of a cyber attack, threat actors have exploited the recently disclosed MOVEit Transfer vulnerability CVE-2023-34362.

MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

The Clop ransomware group recently claimed to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability.

The Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.

The ransomware gang published an extortion note on its dark web leak site claiming to have information on hundreds of businesses.

The company confirmed that the threat actors had access to the personal information of employees. Exposed data include names, addresses, birth dates, and business email addresses.

“We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed.” the company tolds Securityweek. “Unfortunately, some personal information of Gen employees and contingent workers was impacted which included information like name, company email address, employee ID number, and in some limited cases home address and date of birth. We immediately investigated the scope of the issue and have notified the relevant data protection regulators and our employees whose data may have been impacted.”

The company notified data protection regulators and the affected third parties.

The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, University of Rochester.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)