More organizations have confirmed compromise stemming from the widespread Clop ransomware attacks involving the exploitation of vulnerabilities in the MOVEit Transfer file transfer app, including the California Public Employees' Retirement System, as well as PricewaterhouseCoopers and Ernst & Young, which are two of the Big Four accounting firms worldwide, reports The Record, a news site by cybersecurity firm Recorded Future.
CalPERS, which is the largest public pension fund across the U.S., had its data compromised following a MOVEit attack against third-party vendor PBI Research Services/Berwyn Group.
Information stolen from state, public agency, and school district retirees, as well as Judges Retirement System and Legislators Retirement System retirees include names, birthdates, and Social Security numbers, and could potentially include former or current employers, spouses, and children, according to CalPERS, which emphasized that the attack did not hit its systems. Meanwhile, PwC and EY were claimed by the Clop ransomware operation to have 121GB and 3GB of data stolen, respectively, but both accounting firms reported limited impact from the attacks.
North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News.