Shell Confirms Clop Hackers Infiltrated its Network via MOVEit Flaw

Clop ransomware operators have affected Shell’s IT network using the recently-emerged vulnerabilities in MOVEit Transfer, the oil and gas giant confirmed this week.

A week ago, Clop ransomware operators began extorting hundreds of companies after hacking into their servers to steal valuable data, in what appeared to be a massive supply-chain incident made possible by a critical vulnerability in the MOVEit file transfer tool developed by Progress Software.

The Clop hacking spree includes Shell, according to the latest update on the hackers’ name-and-shame website. The British firm has confirmed the claims, telling inquiring news outlets that:

“We are aware of a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer, which is used by a small number of Shell employees and customers.”

In a June 1 advisory, the tool’s makers warned that the vulnerability, tracked as CVE-2023-34362, could lead to escalated privileges and unauthorized access to the environment of people who use it.

The spokesperson said there was “no evidence of impact to Shell’s core IT systems” and that “we are not communicating with the hackers.” The spokesperson added that the firm’s IT teams are still investigating.

Progress Software has so far confirmed three vulnerabilities in its file transfer solution, the latest of which has yet to be patched. System administrators are offered a comprehensive advisory to mitigate potential attacks as the company works around the clock to deliver a software fix.