A security exploit for a file transfer tool is behind data breaches at the BBC, British Airways, and more.
Attackers using an unpatched exploit for Progress Software’s MOVEit Transfer product breached a number of large companies. TechCrunch lists BBC, BA, and Nova Scotia’s government as known victims already.
Microsoft Threat Intelligence linked these to an affiliate of the Clop ransomware group, which TechCrunch notes has previously attacked exploits in other file transfer tools like GoAnywhere, and typically demands payment to not post the stolen records online.