Payroll Provider Zellis Falls Prey to MOVEit Transfer Breach

Zellis, a payroll provider serving the UK and Ireland, and some of its customers have been impacted by the exploitation of a zero-day vulnerability in the file transfer tool MOVEit. Microsoft security researchers have attributed the attack to Lace Tempest, a group affiliated with Clop ransomware. The group responsible has posted a warning to the impacted companies on the dark web: Get in touch by June 14 or the stolen employee data will be published, BBC News reports.

How can Zellis customers respond, and what can other enterprises do to manage their third-party risk?

The Attack

Progress Software offers the MOVEit file transfer software. On May 31, the company discovered a vulnerability (CVE-2023-34362) in MOVEit Transfer and MOVEit Cloud. “This zero-day vulnerability can grant escalated privileges and unauthorized access, which can lead to exfiltration of sensitive data and eventual monetization of that data through dark web markets and other means, including ransomware,” John Ghose, partner with privacy and cybersecurity firm VeraSafe and former federal cybercrime prosecutor, tells InformationWeek.

Zellis confirmed in a brief statement “… that a small number of our customers…
