SecurityWeek reports that U.K. water provider South Staffordshire has been hit by a Cl0p ransomware attack, but the ransomware gang has claimed on its leak site to have breached Thames Water, the largest water and wastewater firm in the U.K.
Despite naming Thames Water as its victim, Cl0p ransomware has posted files from South Staffordshire as proof of the attack. Files from South Staffs Water, a subsidiary of South Staffordshire, have also been leaked by Cl0p.
Thames Water has denied being impacted by a ransomware attack, but South Staffordshire confirmed that while its corporate IT network was disrupted by the intrusion, water supply has not been affected.
Cl0p ransomware claimed that it was able to exfiltrate more than 5TB of data from its victim after compromising its supervisory control and data acquisition system and other systems, with Cl0p posting screenshots relating to its victim's human-machine interface systems.
The legitimacy of the screenshots has been vouched for by Radiflow CEO Ilan Barda.
"... [W]hen an attacker gains access to such an internal OT computer they can also install a hidden malware that will further spread in the internal OT network and might eventually reach assets in which it can cause real damage," Barda added.
Attacks spreading the credential- and cryptocurrency wallet asset-stealing BeaverTail malware variant, which delivers the information-stealing Python-based InvisibleFerret backdoor, were initially conducted by Lazarus Group via fake job offers that dupe targets into executing a malicious Node.js project.
Developers have been subjected to intrusions involving the exploitation of LinkedIn to deliver a ZIP file that purports to be a Python coding challenge but contains the novel COVERTCATCH malware.
Immediate withdrawal and deposit takedowns, as well as notifications to the FBI's Internet Crime Complaint Center and the Singaporean police, have been conducted by Penpie following the theft on Tuesday.