UK: Hackers issue ultimatum after massive cyberattack

A large-scale cyberattack has targeted some of Britain's largest employers, including the BBC and British Airways. At the origin of the hack, which targets the personal data of 100,000 employees, a group called Clop and suspected of being in Russia.

Cyberattack (illustration). © REUTERS/Kacper Pempel/Illustration

Text by: RFI Follow


Read more

The warning, written in broken English, was posted on the dark web. "The purpose of this announcement is to inform companies using the Progress MOVEit product that we may be downloading a lot of your data as part of an exceptional feat," it reads. The message then invites the organizations affected by the attack to send an email before June 14 to the Clop group to start negotiations, failing which the stolen data will be published.

The attack targeted Zellis, a British payroll and human resources company. "A large number of companies around the world have been affected by a vulnerability" in the MOVEit software, provided by the American Progress Software and used by Zellis on a server that has since been disconnected, said Tuesday the company targeted by the attack to AFP.

Last week, Progress Software said on its website that it had "discovered a vulnerability in MOVEit Transfer" that could lead to "unauthorized access". The group recommended that its customers "take immediate action," including "deleting unauthorized user files and accounts."

Among the companies affected, the BBC said the stolen data included staff identification numbers, dates of birth, home addresses and national insurance numbers. British Airways and Boots pharmacies were also among the victims of the attack. According to The Daily Telegraph, "up to 100,000British workers" may have been affected. According to this newspaper, the compromised data within British Airways also includes bank details and the airline Aer Lingus is also concerned.

Attacks attributed to Russian-linked groups increased after the start of the war in Ukraine. The National Cyber Security Centre (NCSC) said it was "working to fully understand the impact in the UK" of the attack.


With AFP)

Newsletter Receive all the international news directly in your mailbox

I subscribe

Follow all the international news by downloading the RFI application

Read on on the same topics:

  • United Kingdom
  • Cybercrime