Saks Fifth Avenue Targeted by Clop Ransomware, Retailer Alleges No Genuine Data Compromised

Публикувано от Ари Дениал на Март 21, 2023

Luxury retailer Saks Fifth Avenue has reportedly been targeted by the Clop ransomware gang, according to information listed on their dark web leak site. However, the company has stated that the cyber attack did not impact any real customer data. The incident is just one example of Clop’s ongoing focus on exploiting vulnerabilities in GoAnywhere MFT servers that belong to established businesses.

Saks Fifth Avenue is a luxury brand retailer that was founded in 1867 by Andrew Saks and is currently headquartered in New York City. It serves customers in the United States, Canada, and parts of the Middle East and is considered one of the prominent names in the luxury retail industry.

The ongoing cyberattack on Saks Fifth Avenue by the Clop ransomware gang is believed to be linked to their larger campaign of targeting vulnerable GoAnywhere servers that have a security flaw.

A security flaw identified as CVE-2023-0669 is responsible for enabling the Clop ransomware gang to gain remote code execution on unpatched GoAnywhere MFT instances, particularly those with their administrative console exposed to the internet.

Fortra, the developer of GoAnywhere MFT, had informed its customers about the CVE-2023-0669 vulnerability being exploited as a zero-day in the wild and urged them to patch their systems. However, the official advisory has not been made public but was revealed by investigative journalist Brian Krebs.

According to a spokesperson from Saks Fifth Avenue, „Fortra, a vendor to Saks and many other companies, recently experienced a data security incident that led to mock customer data being taken from a storage location used by Saks.“

The mock customer data that was taken during the security incident does not contain any actual customer or payment card information. The data is solely used for testing purposes to simulate customer orders, another spokesperson added.

Saks Fifth Avenue has confirmed that it is conducting an ongoing investigation into the cyber security incident and is working alongside outside experts and law enforcement. The company also stated that it takes information security very seriously and is committed to ensuring the safety of the information it holds.