Oil and Gas giant Shell has confirmed that it is one of the victims of a recent large scale ransomware campaign conducted by the Clop gang exploiting a MOVEit zero-day vulnerability. Shell’s data has since been published on the darknet.
Cyber criminals are actively exploiting the zero-day vulnerability, tracked as CVE-2023-34362, to steal data from organizations worldwide.
“We are aware of a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer, which is used by a small number of Shell employees and customers,” said Shell US spokesperson Anna Arata in a statement.
Read more about it here.