Clop Breaches Sony – The Attack on the Giants Continue

Clop ransomware has been very active lately, compromising numerous organizations all around the world. Tech giants and other high-profile entities have been targets of the ransomware group as it’s been exploiting a zero-day vulnerability in the MOVEit Transfer platform. Their latest victim is none other than Sony Interactive Entertainment (Sony).

Late last month, Sony admitted to a limited data breach after allegations swarmed hacking forums. Now, the company suffers a similar fate, but with a bigger impact thanks to Clop ransomware.

Apparently, the breach affected around 6,800 of its current and former employees, who were later notified by Sony. What is this breach all about? How is Sony handling it? Find out below.

The Sony Breach – One Flaw Begets Chaos

As we mentioned, organizations all over the world have been constant targets for major cybercriminals in the past months.

In fact, a couple of weeks ago, none other than Air Canada took the spotlight with a huge data breach, which exposed data belonging to 20,000 of its mobile app users.

Before that, another breach took place when Discord disclosed that an attack exposed the sensitive information of some of its users.

Now, Sony comes back with another breach, after having dealt with the same predicament just a few weeks back.

You see, at the end of last month, claims circulated on hacking forums that Sony got breached and around 3.14 GB of data had been harvested from its systems.

This time around, it’s the highly active, highly dangerous Clop ransomware group. Apparently, the threat actors exploited the zero-day is CVE-2023-34362, a critical flaw that allows the actor to perform remote code execution.

While Clop published the stolen data back in June, the firm did not provide a public statement until now.

CL0P #ransomware group added Sony Group (https://t.co/gWitcpMi4s), a Japanese multinational conglomerate corporation to their victim list. #Japan @SonyGroupGlobal#clop #darkweb #databreach #cyberrisk https://t.co/K61asq3o3E pic.twitter.com/JOnfhSdaPF

— FalconFeeds.io (@FalconFeedsio) June 22, 2023

Basically, Sony took its time to inform the affected individuals. According to the notification statement, the breach occurred back on May 28, but it was discovered at the beginning of June.

“On May 31, 2023, Progress Software announced a newly discovered vulnerability in its MOVEit file transfer platform, which is used by SIE and thousands of other enterprises around the world.

On May 28, 2023, before Progress Software announced the vulnerability and we became aware of it, an unauthorized actor used the vulnerability to download some SIE files stored on our MOVEit platform.

On June 2, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline and remediated the vulnerability.

An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.”

Despite being described as “Limited,” the breach still exposed sensitive information belonging to 6,791 people in the U.S. That’s quite a number, which means that it might have an impact.

More Data Being Exposed

When it comes to data breaches, the aftermath is always the thing to be feared. The exposed information can lead to future attacks, especially if the data is for sale.

With other threat actors gaining access to email addresses and phone numbers, they can perform various phishing and Smishing attacks.

If you’re one of the affected individuals, you must remain vigilant all the time. Don’t click on links you might find suspicious. You never know who’s behind them.