ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder

The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs.

Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors, ALPHV/BlackCat and Clop, claim to have hacked the cosmetics giant company Estée Lauder and added the company to their Tor leak sites.

The two attacks appear to be distinct, the Clop group claims to have stolen 131GB of data from the company. Clop gang also published the following statement on its leak site:

“The company doesn’t care about its customers, it ignored their security!!”

The BlackCat group also highlighted the poor security of Estée Lauder and said that they have still access to the victim’s network.

The Estée Lauder Companies yesterday disclosed one of the attacks in Security Exchange Commission (SEC) filing. The company admitted that crooks had access to its infrastructure and exfitrated some data.

Estée Lauder declared that it has quickly responded to the incident and took down some systems to prevent the threat from spreading within its network. The company is still investigation with the help of law enforcement to determine the extent of the security incident.

“The Estée Lauder Companies Inc. (NYSE: EL) has identified a cybersecurity incident, which involves an unauthorized third party that has gained access to some of the Company’s systems. After becoming aware of the incident, the Company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cybersecurity experts. The Company is also coordinating with law enforcement. Based on the current status of the investigation, the Company believes the unauthorized party obtained some data from its systems, and the Company is working to understand the nature and scope of that data.” reads the FORM 8-K report filed by the company.

Estée Lauder announced that it is implementing measures to secure its business operations and prevent similar incidents in the future. The incident admitted that the security breach has caused, and is expected to continue to cause, disruption to parts of the company’s business operations.

Even if the company did not share details about the attack, it is likely that the Clop ransomware group has breached its network by exploiting the MoVEit Transfer zero-day vulnerability

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.