Shell Confirms Supply Chain Attack

The energy giant Shell is another one of a number of leading organisations that have been hacked. 

Shell has confirmed that employee personal data has been compromised by a recent MOVEit Transfer hack after the CI0p cybercrime group listed the British oil and gas multinational on its Dark Web extortion site. “A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform.

MOVEit Transfer is used by a small number of Shell employees and customers,” says Shell in a statement. “This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.”

Some personal information relating to employees of the BG Group has been accessed without authorisation.
It is the second time that Shell, which employs more than 80,000 people globally and reported revenues in excess of $381 billion last year, has been hit by the Cl0p gang targeting a file transfer service.

The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product to steal data from around 130 organisations that had been using the solution. To date, at least 15 million individuals are believed to be impacted. 

The Russia-linked cyber crime gang has started naming victims that refused to negotiate on its leak website and Shell was among the first organisations. In a statement, Shell confirmed being hit by the MOVEit hack, clarifying that the MFT software was “used by a small number of Shell employees and customers”. 

“Some personal information relating to employees of the BG Group has been accessed without authorisation,” the company said.  It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified. Toll-free phone numbers where additional information can be obtained have been made available for employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, suggesting that affected people may be from these countries. 

Shell's emphasis that “this was not a ransomware event”, refers to the fact that file-encrypting malware was not deployed in the attack, and that there is no evidence of any other IT systems being affected. 

Shell confirmed the incident after the Cl0p cyber crime gang published files allegedly stolen from the firm. The group has made available 23 archive files labeled ‘part1’, which could suggest that they are in possession of more data. When they published the Shell files, the cyber criminals noted that the company did not want to negotiate.

Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. The company confirmed at the time that the hackers had stolen personal and corporate data. 

Other major organisations that have been named by Cl0p and confirmed being affected by the recent MOVEit exploit include Siemens Energy, Schneider Electric, UCLA and EY. Some government organisations have also admitted being hit, but the cyber criminals claim to have deleted all data obtained from these types of entities. 

Cl0p’s hack of MOVEit has claimed a number of victims in the UK, including the BBC, airlines British Airways and Aer Lingus and numerous others. 

Shell:    CISA:     Security Week:     The Record:     Cybernews:    Techcrunch:   Image: Anoop

You Might Also Read:   .

USA & Europe Undergoing  A Wave Of Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Russian Hackers Hit Ukrainian Security Services
JumpCloud Says Nation-State Hackers Hit Specific Customers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

C2SEC

C2SEC

C2Sec provides an innovative analytics platform that assesses and quantifies cyber risks in financial terms based on combining patented big data, AI, and cybersecurity technologies.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.