NortonLifeLock Falls Victim to Clop Hackers
NortonLifeLock, a well-known cybersecurity company best known for its Norton Antivirus software, has fallen prey to Clop, a hacker group that specializes in extortion. The hackers posted a notice of the compromise on their dark web page and threatened to publish stolen data unless NortonLifeLock pays a ransom.
According to sources, the hackers took advantage of a vulnerability in MOVEit Transfer, the cloud MFT solution from Progress Software. The criminals then used brute force to guess passwords for the SQL database and gained full access to the web management interface. As a result, they were able to download and manage confidential files from many companies, including NortonLifeLock. Although the vulnerability was patched soon after discovery, that did not prevent the attack.
NortonLifeLock is one of over 80 companies listed as Clop victims on the group's leak site on the dark web. It remains unclear which of the several MOVEit Transfer vulnerabilities detected was used, or whether the MFT platform is involved in the leak at all.
Currently, there is no record of negotiations with Norton on the Clop website. Hackers typically report and publish stolen data if the company refuses to pay a ransom. In Norton's case, however, the entry only mentions the compromise of the company’s data. Negotiations can take several weeks, especially if the company is willing to pay but needs to discuss the amount of the ransom.
The situation is a significant blow to NortonLifeLock’s reputation. Even if Norton is not at fault and all responsibility lies with MOVEit, the leak still undermines confidence in the company.
The extent of Norton’s compromise is unknown, and it is uncertain how the company was compromised. Regardless, the company should offer users preventive measures that minimize the chances of malicious use of their data. One of the best ways to counteract 0-day vulnerabilities is a zero-trust solution. Although these solutions have drawbacks, such as high resource consumption and delays in access, their effectiveness is high. Properly tuned, such a solution would not allow any program to perform an action without thorough verification, which could have prevented the Clop hackers from operating while the MOVEit vulnerability was open.