Shell Confirms Supply Chain Attack

The energy giant Shell is another one of a number of leading organisations that have been hacked. 

Shell has confirmed that employee personal data has been compromised by a recent MOVEit Transfer hack after the CI0p cybercrime group listed the British oil and gas multinational on its Dark Web extortion site. “A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform.

MOVEit Transfer is used by a small number of Shell employees and customers,” says Shell in a statement. “This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.”

Some personal information relating to employees of the BG Group has been accessed without authorisation.
It is the second time that Shell, which employs more than 80,000 people globally and reported revenues in excess of $381 billion last year, has been hit by the Cl0p gang targeting a file transfer service.

The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product to steal data from around 130 organisations that had been using the solution. To date, at least 15 million individuals are believed to be impacted. 

The Russia-linked cyber crime gang has started naming victims that refused to negotiate on its leak website and Shell was among the first organisations. In a statement, Shell confirmed being hit by the MOVEit hack, clarifying that the MFT software was “used by a small number of Shell employees and customers”. 

“Some personal information relating to employees of the BG Group has been accessed without authorisation,” the company said.  It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified. Toll-free phone numbers where additional information can be obtained have been made available for employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, suggesting that affected people may be from these countries. 

Shell's emphasis that “this was not a ransomware event”, refers to the fact that file-encrypting malware was not deployed in the attack, and that there is no evidence of any other IT systems being affected. 

Shell confirmed the incident after the Cl0p cyber crime gang published files allegedly stolen from the firm. The group has made available 23 archive files labeled ‘part1’, which could suggest that they are in possession of more data. When they published the Shell files, the cyber criminals noted that the company did not want to negotiate.

Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. The company confirmed at the time that the hackers had stolen personal and corporate data. 

Other major organisations that have been named by Cl0p and confirmed being affected by the recent MOVEit exploit include Siemens Energy, Schneider Electric, UCLA and EY. Some government organisations have also admitted being hit, but the cyber criminals claim to have deleted all data obtained from these types of entities. 

Cl0p’s hack of MOVEit has claimed a number of victims in the UK, including the BBC, airlines British Airways and Aer Lingus and numerous others. 

Shell:    CISA:     Security Week:     The Record:     Cybernews:    Techcrunch:   Image: Anoop

You Might Also Read:   .

USA & Europe Undergoing  A Wave Of Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Russian Hackers Hit Ukrainian Security Services
JumpCloud Says Nation-State Hackers Hit Specific Customers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

ODSC

ODSC

ODSC is a security systems integrator that provides services and expertise in identity management and access.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Alertot

Alertot

Hackers attack minutes after a new vulnerability is published. Alertot helps to decrease exposure time in organizations by notifying new issues when they are disclosed.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.

Iron EagleX

Iron EagleX

Iron EagleX deliver engineering solutions in cloud computing, big data, cyber, and machine learning technologies to US Government customers.

Screwloose IT

Screwloose IT

Screwloose IT are a national provider of information technology services. We specialise in managed IT, cloud services, cyber security, website design and digital marketing for businesses of all sizes.

CelcomDigi

CelcomDigi

CelcomDigi aspire to be Malaysia’s top Telco-Tech company, transforming beyond core connectivity to lead digitalization and innovation as part of nation-building.