Shell Confirms Supply Chain Attack

The energy giant Shell is another one of a number of leading organisations that have been hacked. 

Shell has confirmed that employee personal data has been compromised by a recent MOVEit Transfer hack after the CI0p cybercrime group listed the British oil and gas multinational on its Dark Web extortion site. “A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform.

MOVEit Transfer is used by a small number of Shell employees and customers,” says Shell in a statement. “This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.”

Some personal information relating to employees of the BG Group has been accessed without authorisation.
It is the second time that Shell, which employs more than 80,000 people globally and reported revenues in excess of $381 billion last year, has been hit by the Cl0p gang targeting a file transfer service.

The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product to steal data from around 130 organisations that had been using the solution. To date, at least 15 million individuals are believed to be impacted. 

The Russia-linked cyber crime gang has started naming victims that refused to negotiate on its leak website and Shell was among the first organisations. In a statement, Shell confirmed being hit by the MOVEit hack, clarifying that the MFT software was “used by a small number of Shell employees and customers”. 

“Some personal information relating to employees of the BG Group has been accessed without authorisation,” the company said.  It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified. Toll-free phone numbers where additional information can be obtained have been made available for employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, suggesting that affected people may be from these countries. 

Shell's emphasis that “this was not a ransomware event”, refers to the fact that file-encrypting malware was not deployed in the attack, and that there is no evidence of any other IT systems being affected. 

Shell confirmed the incident after the Cl0p cyber crime gang published files allegedly stolen from the firm. The group has made available 23 archive files labeled ‘part1’, which could suggest that they are in possession of more data. When they published the Shell files, the cyber criminals noted that the company did not want to negotiate.

Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. The company confirmed at the time that the hackers had stolen personal and corporate data. 

Other major organisations that have been named by Cl0p and confirmed being affected by the recent MOVEit exploit include Siemens Energy, Schneider Electric, UCLA and EY. Some government organisations have also admitted being hit, but the cyber criminals claim to have deleted all data obtained from these types of entities. 

Cl0p’s hack of MOVEit has claimed a number of victims in the UK, including the BBC, airlines British Airways and Aer Lingus and numerous others. 

Shell:    CISA:     Security Week:     The Record:     Cybernews:    Techcrunch:   Image: Anoop

You Might Also Read:   .

USA & Europe Undergoing  A Wave Of Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Russian Hackers Hit Ukrainian Security Services
JumpCloud Says Nation-State Hackers Hit Specific Customers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Zentek Forensics (ZFL)

Zentek Forensics (ZFL)

Zentek Forensics has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

Roke Manor Research

Roke Manor Research

Roke Manor Research is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

Sysnet Global Solutions

Sysnet Global Solutions

Sysnet provides payment card industry, cyber security and compliance solutions that help businesses to improve security and acquiring organisations to reduce risk.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Cyscale

Cyscale

Cyscale is a consultancy and development agency helping Enterprises adopt and migrate to the Cloud by providing an Automated Cloud Security Platform.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

Zemana

Zemana

Zemana provides innovative cyber-security solutions to deal with complex malicious software and other cyber threats.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.