{"id":52274,"date":"2023-06-09T14:44:57","date_gmt":"2023-06-09T14:44:57","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34710\/Ransomware-Gang-Clop-Prepped-Zero-Day-MOVEit-Attacks-In-2021.html"},"modified":"2023-06-09T14:44:57","modified_gmt":"2023-06-09T14:44:57","slug":"ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/","title":{"rendered":"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/06\/file-ftp-hack-mitm.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The Clop ransomware group, which claims to have stolen data from hundreds of MOVEit Transfer users and their customers, may have been experimenting with the zero-day vulnerability for almost two years.<\/p>\n<p>A forensic review of the exploitation, carried out by researchers at Kroll, indicates the Clop cybergang was likely experimenting with the now-patched file transfer vulnerability (<a rel=\"noreferrer noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-34362\" target=\"_blank\">CVE-2023-34362<\/a>) as early as July 2021.<\/p>\n<p>\u201cThis finding illustrates the sophisticated knowledge and planning that go into mass exploitation events such as the MOVEit Transfer cyberattack,\u201d Kroll researchers said in a <a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">T<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">h<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">u<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">r<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">s<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">d<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\">a<\/a><a href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\" rel=\"noreferrer noopener\">y<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/www.kroll.com\/en\/insights\/publications\/cyber\/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362\" target=\"_blank\"> report<\/a>.<\/p>\n<p>Organizations that have reported having <a href=\"https:\/\/www.scmagazine.com\/news\/data-security\/millions-users-vulnerable-zero-day-moveit-file-transfer-app\" target=\"_blank\" rel=\"noreferrer noopener\">data exfiltrated by the group last month<\/a> include the BBC, British Airways, UK drugstore chain Boots, the provincial government of Nova Scotia, and payroll service provider Zellis. Employee data from the BBC, BA and Boots was exposed because the three organizations used Zellis\u2019 services.<\/p>\n<p>Nova Scotia officials disclosed on <a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">T<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">u<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">e<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">s<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">d<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">a<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/novascotia.ca\/news\/release\/?id=20230606004\" target=\"_blank\">y<\/a> that up to 100,000 of the province\u2019s healthcare and public service workers may be impacted by the attack.<\/p>\n<h2>Lining up its attacks<\/h2>\n<p>Kroll\u2019s discovery that Clop knew about the vulnerability for almost two years suggests it may have had it available when they launched a previous high-profile attack earlier this year.<\/p>\n<p>\u201cAccording to these observations, the Clop threat actors potentially had an exploit for the MOVEit Transfer vulnerability prior to the&nbsp;<a href=\"https:\/\/www.scmagazine.com\/news\/ransomware\/after-goanywhere-mft-hack-hhs-again-warns-of-clop-ransomware-threat\">GoAnywhere MFT secure file transfer tool exploitation<\/a>&nbsp;in February 2023 but chose to execute the attacks sequentially instead of in parallel,\u201d Kroll\u2019s report said.<\/p>\n<p>Russian-backed Clop, <a href=\"https:\/\/www.scmagazine.com\/news\/ransomware\/group-behind-clop-ransomware-exploiting-moveit-zero-day-says-microsoft\">also known as Lace Tempest, TA505, and FIN11<\/a>, claimed responsibility for attacks that exploited a zero-day vulnerability in Fortra\u2019s GoAnywhere Managed File Transfer solution, which targeted more than 130 organizations and compromised information belonging to over a million patients.<\/p>\n<p>In a <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-158a\">Wednesday joint advisory<\/a>, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said the MOVEit Transfer SQL injection vulnerability exploit was similar to a 2020-21 campaign where the group installed a DEWMODE web shell on <a href=\"https:\/\/www.scmagazine.com\/analysis\/ransomware\/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit\" target=\"_blank\" rel=\"noreferrer noopener\">Accellion FTA servers<\/a>.<\/p>\n<p>\u201cDue to the speed and ease TA505 has exploited this vulnerability, and based on their past campaigns, FBI and CISA expect to see widespread exploitation of unpatched software services in both private and public networks,\u201d the advisory read.<\/p>\n<h2>Almost two years of suspicious log activity<\/h2>\n<p>Kroll said its analysis of impacted MOVEit clients revealed \u201ca broad swath of activity associated with the vulnerability\u201d took place around Memorial Day weekend (May 27-28). Holiday weekends are a favored time for threat actors to launch major offensives, an example being the <a href=\"https:\/\/www.scmagazine.com\/news\/cybercrime\/turn-off-your-heart-kaseya-vsa-ransomware-hits-msps-in-a-vital-organ\" target=\"_blank\" rel=\"noreferrer noopener\">Kaseya supply chain attack<\/a> on July 3, 2021.<\/p>\n<p>Clop\u2019s Memorial Day weekend activity appeared to involve instigating an attack chain leading to the human2.aspx web shell being deployed, and was centered around interaction between moveitisapi\/moveitisapi.dll and guestaccess.aspx, two legitimate MOVEit Transfer components.<\/p>\n<p>Kroll said a review of Microsoft Internet Information Services (IIS) logs of impacted clients found evidence of similar activity in multiple client environments in April 2022 and as early as July 2021.<\/p>\n<p>The 2022 activity, plus activity seen in the weeks leading up to last month\u2019s attacks, suggested \u201cactors were testing access to organizations via likely automated means and pulling back information from the MOVEit Transfer servers to identify which organization they were accessing\u201d.<\/p>\n<p>The malicious activity appeared to be aimed at exfiltrating Organization IDs (\u201cOrg IDs\u201d) which identified specific MOVEit Transfer users and would have helped Clop determine which organizations it could access.<\/p>\n<h2>Clop claims hundreds of victims<\/h2>\n<p>On its website this week Clop claimed responsibility for the MOVEit attacks and said victims had until July 14 to make contact if they did not want their names published on the site. It would provide examples of exfiltrated data, it said, and if ransom deals were not successfully negotiated it would publish the stolen information.<\/p>\n<p>Mandiant Consulting\u2019s chief technology officer, Charles Carmakal said in a&nbsp;<a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7072007022946258944\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn post<\/a> Clop was \u201coverwhelmed with the number of victims\u201d MOVEit has provided.<\/p>\n<p>\u201cInstead of directly reaching out to victims over email or telephone calls like in prior campaigns, they are asking victims to reach out to them via email,\u201d he said, adding that the group\u2019s threat to publish the names of victims that did not make contact by July 14 \u201cwill be a complete debacle\u201d.<\/p>\n<p>In its report, Kroll said after the GoAnywhere attacks, Clop added the names of almost 100 targeted organizations to its site.<\/p>\n<p>\u201cPresently, over 100 victims have at least one post containing stolen data, and nearly 75% of victims have had more than one post exposing data,\u201d the researchers said.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34710\/Ransomware-Gang-Clop-Prepped-Zero-Day-MOVEit-Attacks-In-2021.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":52275,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[6247],"class_list":["post-52274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackermalwareflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-09T14:44:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/06\/file-ftp-hack-mitm.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021\",\"datePublished\":\"2023-06-09T14:44:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/\"},\"wordCount\":770,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg\",\"keywords\":[\"headline,hacker,malware,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/\",\"name\":\"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg\",\"datePublished\":\"2023-06-09T14:44:57+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg\",\"width\":800,\"height\":522},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwareflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-06-09T14:44:57+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/06\/file-ftp-hack-mitm.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021","datePublished":"2023-06-09T14:44:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/"},"wordCount":770,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg","keywords":["headline,hacker,malware,flaw"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/","url":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/","name":"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg","datePublished":"2023-06-09T14:44:57+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021.jpg","width":800,"height":522},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-gang-clop-prepped-zero-day-moveit-attacks-in-2021\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwareflaw\/"},{"@type":"ListItem","position":3,"name":"Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52274"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52274\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/52275"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}