Shell confirmed that it had been impacted by the Clop ransomware gang’s breach of the MOVEit file transfer tool after the group listed the British oil and gas multinational on its extortion site.
This is the second time Shell has been hit by the Clop gang targeting a file transfer service used by its own employees and customers.
Shell stressed that there was no evidence of impact on its core IT systems and said its IT teams were continuing to investigate the incident.
Shell and Ofcom appear to be less significantly impacted by the breach, as direct users of the MOVEit tool within limited settings, with the personal data of 400-plus users stolen.
Clop’s hack of MOVEit has claimed a number of victims in the United Kingdom, including the BBC, airlines British Airways and Aer Lingus, the pharmaceuticals retailer Boots, and even the country’s communications regulator Ofcom.
Shell was first hit by Clop back in 2021, when the gang hacked Accellion’s file transfer appliance in a plot to extort the companies using it by threatening to leak stolen sensitive information.
The first MOVEit flaw came to light on May 31, and a patch for it, CVE-2023-34362, was issued the next day. A second bug, CVE-2023-35036, came to light last Friday, June 9, and was also patched the next day.
That brings us to this third hole, CVE-2023-35708, which is another SQL injection vulnerability that could allow an unauthenticated attacker to break into organizations’ MOVEit Transfer database and steal its content. It affects versions released before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).