The Clop ransomware operation, also known as Lace Tempest, TA505, and FIN11, has admitted to attacks exploiting a zero-day in the MOVEit Transfer file transfer app to compromise various servers and facilitate data exfiltration, after Microsoft attributed the intrusions to the group, reports BleepingComputer.
Clop confirmed that attacks leveraging the flaw commenced on May 27 and that it has not begun its extortion campaign against organizations impacted by the intrusions, but emphasized that data it had exfiltrated from governments, children's hospitals, and the military has been deleted. Impact from Clop's MOVEit data theft attacks has been reported by UK payroll and human resources solutions vendor Zellis, and the breach has in turn affected some of its customers, including Aer Lingus and British Airways.
"We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate," said Zellis.
Threat Management, Ransomware, Vulnerability Management
MOVEit Transfer zero-day attacks claimed by Clop ransomware