Norton parent firm Gen Digital, was victim of a MOVEit attack too

Norton parent firm, Gen Digital, was the victim of an attack that exploited the recently disclosed MOVEit zero-day vulnerability.

Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services.

The company owns multiple brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.

Gen Digital said it was the victim of a cyber attack, threat actors have exploited the recently disclosed MOVEit Transfer vulnerability CVE-2023-34362.

MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

The Clop ransomware group recently claimed to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability.

The Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.

The ransomware gang published an extortion note on its dark web leak site claiming to have information on hundreds of businesses.

The company confirmed that the threat actors had access to the personal information of employees. Exposed data include names, addresses, birth dates, and business email addresses.

“We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed.” the company tolds Securityweek. “Unfortunately, some personal information of Gen employees and contingent workers was impacted which included information like name, company email address, employee ID number, and in some limited cases home address and date of birth. We immediately investigated the scope of the issue and have notified the relevant data protection regulators and our employees whose data may have been impacted.”

The company notified data protection regulators and the affected third parties.

The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, University of Rochester.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.