MOVEit attack on Aon exposed data of the staff at the Dublin Airport

Pierluigi Paganini July 04, 2023

Personal data of the personnel at the Dublin Airport was compromised due to a MOVEit attack on professional service provider Aon.

Data of about 3000 employees of Dublin Airport (DDA) were compromised after professional service provider Aon fell victim to a MOVEit Transfer attack. Dublin Airport notified local authorities and Ireland’s Data Protection Commission.

Aon is the last victim of the attacks exploiting the flaw CVE-2023-34362 affecting the Progress Software’s MOVEit file transfer platform.

MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

A few days after the release of Progress’s advisory, the Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.

While DAA announced that it is assisting the impacted employees, Aon has yet to publish a public statement about the security breach.

The Clop ransomware group recently claimed to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability.

The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of EnergyBritish AirwaysBoots, the BBC, Aer Lingus, OfcomShell, University of Rochester, Schneider Electric, Siemens Energy, and Gen Digital.

Recently the US State Department offered$10 million reward for any information which would link members of the Cl0p ransomware gang to a foreign government.

Cybercriminals are launching supply-chain attacks against third-party suppliers and service providers time and time again. It’s no surprise that such breaches are increasingly making headlines due to the potential for many victims and hefty ransoms demanded by attackers.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, clop ransomware)



you might also like

leave a comment