UCLA

UCLA among victims of worldwide cyber attack

UCLA confirmed this week it is among dozens of institutions and businesses affected by a worldwide cyber theft.

NBC Universal, Inc.

UCLA confirmed this week that it is among dozens of institutions and companies that had data stolen in a cyber attack. Eric Leonard reports for the NBC4 News on June 28, 2023.

UCLA confirmed this week that it is among dozens of institutions and companies that had data stolen in a cyber attack, that government officials have blamed on a ransomware gang known as, "CL0P."

"The university notified the FBI and worked with external cybersecurity experts to investigate the matter and determine what happened, what data was impacted and to whom the data belongs," a UCLA spokesperson told the I-Team, who declined to be interviewed or answer questions about what kind of data was stolen, or who on the campus may have been affected.

According to bulletins from the U.S. Cybersecurity and Infrastructure Security Agency and the F.B.I., beginning in May, 2023 thieves tied to the CL0P group used a previously unknown software vulnerability, also known as a 'zero day' exploit, to infect applications that interface with a file transfer system known as "MOVEit."

"Internet-facing MOVEit Transfer web applications were infected with a specific malware used by CL0P, which was then used to steal data from underlying MOVEit Transfer databases," CISA said in early June.

MOVEit's owner, Progress Software, said it has been helping its customers patch the vulnerabilities and assisting authorities with investigating the theft.

"We have engaged with federal law enforcement and other agencies and are committed to playing a collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products," an unnamed spokesperson for Progress Software emailed Tuesday.

The CL0P group is believed to be based in Russia or Eastern Europe, and has claimed responsibility for numerous cyber attacks that typically lead to demands for ransom payments, security researcher Brett Callow with the firm Emsisoft told the I-Team.

Local

Get Los Angeles's latest local news on crime, entertainment, weather, schools, COVID, cost of living and more. Here's your go-to source for today's LA news.

19-year-old man arrested in shooting deaths of 4 at burning Lancaster home

California's 45th U.S. House District in Orange and LA counties still undecided

"They are an extortion organization, they steal data, and demand money," Callow said. "They have hit hundreds of organizations over the years, sometimes en masse, and have breached other file transfer platforms in the past."

He said the group's posts about this theft have identified more than 130 victim organizations, and related disclosures from some of the victims have indicated the stolen files may include information about more than 15-million individuals.

"These file transfer platforms and other services that companies use are potentially a gold mine to cyber criminals," Callow said. "Normally if they hack their way into a company they've only got one attempt at extortion. If they manage to breach one of these file transfer applications, they can potentially have hundreds of victims."

Exit mobile version