PwC Australia has confirmed it used software exposed by a cyber attack perpetrated by the Russia-affiliated Cl0p ransomware gang.
The MOVEit software was reportedly deployed by a number of major organisations around the world, including US government agencies and British broadcaster BBC.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), Cl0p — also known as TA505 — began exploiting a previously unknown vulnerability impacting file transfer capabilities in May 2023.
MOVEit web applications were infected with malware, which the criminal organisation used to steal data from MOVEit databases.
As a result, CISA urged all organisations using the software to implement mitigations and shore up their cyber security postures.
A PwC spokesperson told the media the organisation was aware of the breaches and had responded to the threat.
“We are aware that MOVEit, a third-party transfer platform, has experienced a cyber security incident which has impacted hundreds of organisations including PwC,” a PwC spokesman told The Australian Financial Review.
“…We have reached out to the small number of clients whose files were impacted to discuss the incident.”
PwC said it ceased using the software as soon as it became aware of the breaches and added its own IT network had not been compromised.
“Data security is a key priority for PwC and we continue to put the right resources and safeguards in place to protect our network,” PwC added.
Fellow consultancy firm EY has also opened an investigation into its deployment of the software, but stressed most of its systems were not impacted.
“We immediately launched an investigation into our use of the tool and took urgent steps to safeguard any data,” an EY spokeswoman said.
“…Our priority is to first communicate to those impacted, as well as the relevant authorities,” she said.
“Our investigation is ongoing.”
The US State Department’s Rewards for Justice (RFJ) is offering a bounty of up to US$10 million (AU$14.5 million) for information related to the operations of Cl0p or the location of affiliated hackers.
