The Cl0p Ransomware has struck again, this time claiming to have targeted Deloitte. The ransomware gang, known for its high-profile attacks, claimed responsibility for breaching Deloitte’s infrastructure in a recent post on its dark web data breach blog. While Deloitte’s response refutes the claims, the incident highlights the ongoing risk posed by the MOVEit vulnerability.
Deloitte’s denial of the breach comes with a strong statement from the company’s global spokesperson. Deloitte stated that they found no evidence of any breach of client data during their analysis.
The company took immediate action upon discovering the zero-day vulnerability, applying security updates and mitigating actions as per the vendor’s guidance. Deloitte claimed that their global network’s use of the vulnerable MOVEit Transfer software is limited, and their analysis revealed no impact on client data.
Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance. Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact on client data.Deloitte statement
The Cl0p Ransomware group has been on a hacking spree, exploiting the MOVEit vulnerability to target major companies worldwide. Previous victims include renowned names like PWC business consulting firm, TD Ameritrade, Aon, Kirkland, and Ernest & Young, among others.