A wave of cyberattacks and data breaches began in June 2023 after a vulnerability was discovered in MOVEit, a managed file transfer software.
Disguised as ASP.NET files used legitimately by MOVEit, LemurLoot can steal Microsoft Azure Storage Blob information.
[3] On June 5, various organizations in the United Kingdom, including the BBC, British Airways, Boots, Aer Lingus, and payroll service Zellis were breached.
[7] According to the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, the breaches are being conducted by Cl0p, a Russian-affiliated cyber gang.
[9] Cybersecurity and Infrastructure Security Agency (CISA),[10] CrowdStrike,[11] Mandiant,[12] Microsoft,[13] Huntress[14] and Rapid7[15] have assisted with incident response and ongoing investigations.