UCLA among victims of worldwide cyber attack

UCLA confirmed this week it is among dozens of institutions and businesses affected by a worldwide cyber theft.

NBC Universal, Inc.

UCLA confirmed this week that it is among dozens of institutions and companies that had data stolen in a cyber attack that government officials have blamed on a ransomware gang known as "CL0P."

"The university notified the FBI and worked with external cybersecurity experts to investigate the matter and determine what happened, what data was impacted and to whom the data belongs," a UCLA spokesperson told the I-Team. The spokesperson declined to be interviewed or answer questions about what kind of data was stolen, or who on the campus may have been affected.

According to bulletins from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, beginning in May 2023, thieves tied to the CL0P group used a previously unknown software vulnerability, also known as a "zero-day," to infect applications that interface with a file transfer system known as "MOVEit."

"Internet-facing MOVEit Transfer web applications were infected with a specific malware used by CL0P, which was then used to steal data from underlying MOVEit Transfer databases," CISA said in early June.

MOVEit's owner, Progress Software, said it has been helping its customers patch the vulnerabilities and assisting authorities with investigating the theft.

"We have engaged with federal law enforcement and other agencies and are committed to playing a collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products," an unnamed spokesperson for Progress Software emailed Tuesday.

The CL0P group is believed to be based in Russia or Eastern Europe, and has claimed responsibility for numerous cyber attacks that typically lead to demands for ransom payments, security researcher Brett Callow with the firm Emsisoft told the I-Team.

"They are an extortion organization, they steal data, and demand money," Callow said. "They have hit hundreds of organizations over the years, sometimes en masse, and have breached other file transfer platforms in the past."

He said the group's posts about this theft have identified more than 130 victim organizations, and related disclosures from some of the victims have indicated the stolen files may include information about more than 15 million individuals.

"These file transfer platforms and other services that companies use are potentially a gold mine to cyber criminals," Callow said. "Normally if they hack their way into a company they've only got one attempt at extortion. If they manage to breach one of these file transfer applications, they can potentially have hundreds of victims."
