Shell Confirms Supply Chain Attack

The energy giant Shell is another one of a number of leading organisations that have been hacked. 

Shell has confirmed that employee personal data has been compromised by a recent MOVEit Transfer hack after the CI0p cybercrime group listed the British oil and gas multinational on its Dark Web extortion site. “A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform.

MOVEit Transfer is used by a small number of Shell employees and customers,” says Shell in a statement. “This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.”

Some personal information relating to employees of the BG Group has been accessed without authorisation.
It is the second time that Shell, which employs more than 80,000 people globally and reported revenues in excess of $381 billion last year, has been hit by the Cl0p gang targeting a file transfer service.

The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product to steal data from around 130 organisations that had been using the solution. To date, at least 15 million individuals are believed to be impacted. 

The Russia-linked cyber crime gang has started naming victims that refused to negotiate on its leak website and Shell was among the first organisations. In a statement, Shell confirmed being hit by the MOVEit hack, clarifying that the MFT software was “used by a small number of Shell employees and customers”. 

“Some personal information relating to employees of the BG Group has been accessed without authorisation,” the company said.  It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified. Toll-free phone numbers where additional information can be obtained have been made available for employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, suggesting that affected people may be from these countries. 

Shell's emphasis that “this was not a ransomware event”, refers to the fact that file-encrypting malware was not deployed in the attack, and that there is no evidence of any other IT systems being affected. 

Shell confirmed the incident after the Cl0p cyber crime gang published files allegedly stolen from the firm. The group has made available 23 archive files labeled ‘part1’, which could suggest that they are in possession of more data. When they published the Shell files, the cyber criminals noted that the company did not want to negotiate.

Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. The company confirmed at the time that the hackers had stolen personal and corporate data. 

Other major organisations that have been named by Cl0p and confirmed being affected by the recent MOVEit exploit include Siemens Energy, Schneider Electric, UCLA and EY. Some government organisations have also admitted being hit, but the cyber criminals claim to have deleted all data obtained from these types of entities. 

Cl0p’s hack of MOVEit has claimed a number of victims in the UK, including the BBC, airlines British Airways and Aer Lingus and numerous others. 

Shell:    CISA:     Security Week:     The Record:     Cybernews:    Techcrunch:   Image: Anoop

You Might Also Read:   .

USA & Europe Undergoing  A Wave Of Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Russian Hackers Hit Ukrainian Security Services
JumpCloud Says Nation-State Hackers Hit Specific Customers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

Mitra Informatics Integration (MII)

Mitra Informatics Integration (MII)

Mitra Informatics Integration is the information communication technology solution business of the Metrodata Group.