Estée Lauder Breached in Twin MOVEit Hacks, by Different Ransom Groups

Published: 23/11/2024   Category: security




The cosmetics conglomerate was apparently breached through the infamous MOVEit flaw by both Cl0p and BlackCat, at roughly the same time.



Both the Cl0p and BlackCat ransomware gangs posted messages bragging about breaching Estée Lauder by way of the MOVEit flaw on the same day — but the two instances aren't related.
On July 18, Estée Lauder Cos. disclosed a security incident, adding that cyber-threat actors were able to compromise some data and that an investigation was ongoing. The company said some systems were shut down as a result of the hack.
"The company is implementing measures to secure its business operations and will continue taking additional steps as appropriate," the disclosure said. "During this ongoing incident, the company is focused on remediation, including efforts to restore impacted systems and services. The incident has caused, and is expected to continue to cause, disruption to parts of the company's business operations."
The same day, both BlackCat and Cl0p claimed to have breached Estée Lauder using the MOVEit flaw. Emsisoft threat analyst Brett Callow shared images of the messages from both groups.
"We will not say much for now, except that we have not encrypted their networks," the BlackCat group wrote in its Dark Web posting claiming credit for one of the cyberattacks. "Draw your own conclusions for now. Maybe the data was worth a lot more."
A briefer claim from Cl0p said the group has 131GB of data, plus archives belonging to Estée Lauder.
In its posting, BlackCat confirmed that the group's breach was completely separate from the Cl0p incident: "ELC has been attacked by our colleagues at Cl0p regarding the MOVEit vulnerability attacks. We have reiterated to ELC that we are not associated with them."
Callow says the coincidence isn't as surprising as it may seem on the surface. "As far as I'm aware, there's no reason to believe the incidents are related," Callow explains to Dark Reading. "Given the very large number of organizations impacted by MOVEit, it's inevitable that some will have other, unrelated incidents in close proximity."
And, as if two cyberattacks on the same day weren't enough, Callow says Estée Lauder's stolen data could be used in follow-on offensives.
"The possibility exists that the data stolen by Cl0p may be being used to spear phish victims in fresh attacks," Callow says.
Other organizations which have been breached using the MOVEit flaw include British Airways, government agencies, Norton, UCLA, Siemens, Shell, and many, many more.
