Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Saks Fifth Avenue becomes latest Clop ransomware victim

ransomware avast

The list of Clop ransomware victims keeps on growing, with the threat actor adding American retail icon Saks Fifth Avenue to its data leak website.

Saks Fifth Avenue is a luxury brand retailer, offering curated shops featuring the latest trends in apparel, shoes, handbags, and similar. 

While the threat actor did add the retailer’s name to the leak site, they did not provide any additional details, such as the type of data that was taken, or whom it belonged to (for example, customers, partners, or employees). 

Fake data

On the other hand, the company confirmed the data breach to BleepingComputer, with a spokesperson saying that it fell prey to the now-infamous GoAnywhere MFT vulnerability. It did, however, downplay the importance of the incident, saying the data the hackers took was bogus:

"Fortra, a vendor to Saks and many other companies, recently experienced a data security incident that led to mock customer data being taken from a storage location used by Saks," a Saks spokesperson told the publication. "The mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes."

The reporters followed up with a question whether corporate or employee data was taken, and were met with silence.

When Clop added Community Health Systems (CHS) to its data leak site in mid-February this year and claimed it had used a single vulnerability in GoAnywhere MFT to compromise 130 organizations, it’s safe to assume that very few people actually believed them, especially with the threat actors not backing these claims with any evidence at the time.

Since then, Clop added Hatch Bank, Hitachi Energy, Ferrari, and dozens of other companies, to the leak site, giving credence to its claims.

GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files, securely. It was vulnerable to CVE-2023-0669, a pre-authentication command injection vulnerability in the License Response Servlet that allowed Clop’s members to execute malicious code, remotely. 

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.