Ransomware group targets BA, BBC, Boots.

Jun 06 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter gives cybercriminals all the respect the BBC gave Andrew Tate. #FreeTopG ????

Today’s hottest cyber security stories:

  • ‘Clop’ ransomware group targets BA, BBC, Boots via MOVEit vuln.

  • Chinese PostalFurious gang is ‘smishing’ U.A.E… Uh, furiously.

  • Hackers blow up Atomic Wallet… $35 million eviscerates

I like to MOVEit, MOVEit

Uh-oh, this could be shaping up to be the biggest ransomware heist in history, folks! The scale is unmatched and, if the bastards are successful, there’s no telling how much Clop will be able to extort from corporations of this size.

Here’s the details we know so far, but be aware this story is still developing fast! ????

And FYI, MOVEit is automated and secure managed file transfers software for sensitive data and advanced workflow automation capabilities and as of May 31, there were roughly 2,500 instances of MOVEit Transfer exposed to the public internet.

The BBC, British Airways, and Boots have experienced a cyber incident where employee personal data, including bank and contact details, has been compromised by hackers.

The responsible party, a ransomware group known as Clop, has taken credit for the breaches, which revolve around the MOVEit file transfer software.

In a communication with Reuters on Monday, the hackers explicitly stated that they were responsible for the attack.

Clop then warned that those who refused to pay a ransom would be publicly exposed on the group's website.

Earlier investigations conducted by Microsoft pointed to the involvement of a Russian-speaking ransomware gang in this attack.

Recent reports revealed that cyber criminals exploited a zero-day vulnerability, a previously unknown flaw, in the MOVEit file transfer system, which is developed by Progress Software.

This allowed the hackers to gain access to information from numerous global companies utilising MOVEit Transfer.

The impact of this incident is extensive, affecting thousands of firms. This may be the scariest hack we’ve ever covered here at Gone Phishing.

It’s actually scared us pun-less ????


Okay, let’s try and lighten the mood slightly… There’s this phishing gang called PostalFurious, and they're up to some mischief with a new SMS campaign in the U.A.E.!

Oh, dw they’re more of the same devious cybercriminals but at least they were complicit in introducing us to the term smishing.

They're pretending to be postal services and toll operators, trying to trick users into paying fake vehicle trip fees to avoid extra fines.

"The URLs from the texts lead to fake branded payment pages that ask for personal details, such as name, address, and credit card information," Group-IB said.

"The phishing pages appropriate the official name and logo of the impersonated postal service provider."

FYI, Group-IB “protects the largest organisations and financial institutions worldwide from online fraud, threat actors and scam campaigns.” Their words lol.

Some of our staff (yes, we have a Dubai office ????) have even been personally affected by this one, though too smart to fall for it I should add.

The text messages they send contain a tricky shortened URL to hide their true phishing intentions.

But here's the kicker: when unsuspecting folks click on the link, they're taken to a totally fake landing page. Yes, it’s a trap. Smishing 101, right? The landing page is designed to capture all their payment credentials and personal data.

This particular shenanigan has been going on since April 15, 2023.


Atomic Wallet apparently met its match when it fell victim to a lucrative crypto heist on Saturday.

A total of at least $35 million has been nabbed but experts reckon when all’s said and done it’ll be more like $50 million, or more!

The part of the story that made us gasp the most though was how the robbery affected one specific Atomic wallet holder. Allow us to paint you a picture…

Ever lost your wallet? It’s annoying, isn’t it? Cancelling all your cards. Trying to remember how much cash was in it. £10 £20? £50?

Now, imagine that exact same scenario, except instead of a few notes there was $7.95 million dollars in it. That’s what happened to one poor soul who trusted Atomic Wallet with his Tether cryptocurrency. Geez, can you imagine?

FYI, Atomic Wallet is a crypto wallet that is used for buying, staking, and exchanging bitcoin, ethereum, XRP, litecoin, USDT, and over 1,000 other coins and tokens. The company claims it has over five million users worldwide.

To be fair, the company said: “At the moment less than 1% of our monthly active users have been affected/reported. The last drained transaction was confirmed over 40h ago.”

So, silver-lining: looks like the worst is over. Best we can do in the way of good news today I’m afraid folks. Stay safe!

So long and thanks for reading all the phish!

Recent articles