List of Clop ransomware (opens in new tab) Victims continue to grow as attackers add American retail icon Saks Fifth Avenue to their data exfiltration website.
Saks Fifth Avenue is a luxury brand retailer offering curated shops featuring the latest trends in apparel, shoes, handbags and more.
The threat actor added the retailer’s name to the leak site, but did not provide additional details such as the type of data retrieved or the data’s owner (customer, partner, employee, etc.).
fake data Meanwhile, the company confirmed the data breach to BleepingComputer, with a spokesperson saying it fell prey to the now-infamous GoAnywhere MFT vulnerability. underestimated its importance.
“Fortra, a vendor of Saks and many other companies, recently experienced a data security incident in which fake customer data was stolen from storage used by Saks.” It does not contain customer or payment card information and is used only to simulate customer orders for testing purposes.”
Reporters were met with silence as they continued to question whether corporate or employee data had been obtained.
Who actually believed Clop when he added the Community Health System (CHS) to his data leak site in mid-February this year, claiming that he compromised 130 organizations using a single GoAnywhere MFT vulnerability It is safe to assume that there were very few. Threat actors have not corroborated these claims at this time.
Klopp has since added Hatchbank, Hitachi Energy, Ferrari and dozens of other companies to the leak site, lending credence to its claims.
GoAnywhere MFT is a popular file sharing service developed by Fortra and used by large enterprises to securely share sensitive files. It was vulnerable to CVE-2023-0669, a pre-authentication command injection vulnerability in the License Response Servlet, which allowed members of Clop to remotely execute malicious code.
Via: BleepingComputer (opens in new tab)