Shell Confirms Supply Chain Attack

The energy giant Shell is another one of a number of leading organisations that have been hacked. 

Shell has confirmed that employee personal data has been compromised by a recent MOVEit Transfer hack after the CI0p cybercrime group listed the British oil and gas multinational on its Dark Web extortion site. “A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform.

MOVEit Transfer is used by a small number of Shell employees and customers,” says Shell in a statement. “This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.”

Some personal information relating to employees of the BG Group has been accessed without authorisation.
It is the second time that Shell, which employs more than 80,000 people globally and reported revenues in excess of $381 billion last year, has been hit by the Cl0p gang targeting a file transfer service.

The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product to steal data from around 130 organisations that had been using the solution. To date, at least 15 million individuals are believed to be impacted. 

The Russia-linked cyber crime gang has started naming victims that refused to negotiate on its leak website and Shell was among the first organisations. In a statement, Shell confirmed being hit by the MOVEit hack, clarifying that the MFT software was “used by a small number of Shell employees and customers”. 

“Some personal information relating to employees of the BG Group has been accessed without authorisation,” the company said.  It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified. Toll-free phone numbers where additional information can be obtained have been made available for employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, suggesting that affected people may be from these countries. 

Shell's emphasis that “this was not a ransomware event”, refers to the fact that file-encrypting malware was not deployed in the attack, and that there is no evidence of any other IT systems being affected. 

Shell confirmed the incident after the Cl0p cyber crime gang published files allegedly stolen from the firm. The group has made available 23 archive files labeled ‘part1’, which could suggest that they are in possession of more data. When they published the Shell files, the cyber criminals noted that the company did not want to negotiate.

Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. The company confirmed at the time that the hackers had stolen personal and corporate data. 

Other major organisations that have been named by Cl0p and confirmed being affected by the recent MOVEit exploit include Siemens Energy, Schneider Electric, UCLA and EY. Some government organisations have also admitted being hit, but the cyber criminals claim to have deleted all data obtained from these types of entities. 

Cl0p’s hack of MOVEit has claimed a number of victims in the UK, including the BBC, airlines British Airways and Aer Lingus and numerous others. 

Shell:    CISA:     Security Week:     The Record:     Cybernews:    Techcrunch:   Image: Anoop

You Might Also Read:   .

USA & Europe Undergoing  A Wave Of Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Russian Hackers Hit Ukrainian Security Services
JumpCloud Says Nation-State Hackers Hit Specific Customers »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Segra

Segra

Segra owns and operates one of the nation’s largest fiber networks and provides best-in-class broadband and data security solutions throughout the Southeast and Mid-Atlantic.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

RightCue Assurance

RightCue Assurance

RightCue Assurance identify opportunities for improvement in the Information Security for your organisation and work with you to reduce cyber risk.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.