Cybersecurity | Hackers claim attacks on Investissement Québec and Rio Tinto

A gang of ransomware hackers claims data theft at Investissement Québec and Rio Tinto.




On its site on the hidden web (dark web), the Clop group claims to have stolen information from the state-owned company and the mining giant. Contacted by The Press, Investissement Québec explains that a “confidentiality incident” affected a file sharing platform it uses, GoAnywhere MFT by Fortra.

“Certain personal information concerning employees and former employees is in question,” said the vice-president of communications, Gladys Caron. All staff are affected.

The Journal of Montreal revealed in February that staff at the state-owned company had been the victim of a data theft, without giving information on the compromised supplier or the gang responsible for this cybercrime.

The financial arm of the government specifies that the attack affected only the GoAnywhere platform, and not the state company itself. “The systems of Investissement Québec are not affected,” assures the spokesperson. “We quickly took all the necessary measures.”

She adds that the organization’s clients “are not at risk”. As for the compromised data on its personnel, “all adequate measures have been implemented to protect them”, says Gladys Caron.

Investissement Québec says no more “for security reasons”.

So far, Clop has not released any information stolen from the state corporation, while data from many other victims of the gang can be found on its site.

Investissement Québec manages a $6.1 billion portfolio for the government.

Rio Tinto also on the list

The Clop ransomware group has also added Rio Tinto to the list of its victims on its site, still without publishing files for the moment. The multinational has a strong presence in Quebec in the aluminum and iron sector. It was not immediately possible to obtain the company's comments.

The Toronto investment fund Onex is also among the victims of cybercriminals.

The GoAnywhere platform infiltrated

In February, Clop reportedly came into contact with a journalist from the specialized site Bleeping Computer, to whom the group explained that it had found a new vulnerability (zero day) in the GoAnywhere file transfer tool. By exploiting it, the gang claims to have been able to steal, in 10 days, information from 130 organizations that use the tool.

Bleeping Computer was unable to independently confirm these claims.

On Wednesday, a spokesperson for Onex allegedly acknowledged anonymously that the hackers had reached it through this service, according to the specialized site IT World Canada.

Data soon to be published?

Although Clop still hasn’t released information on Investissement Québec, Rio Tinto and Onex, the gang could do so quickly, as it did with other victims of the attack on GoAnywhere. “They seem to be moving really fast in this case,” said Brett Callow, threat analyst at antivirus firm Emsisoft.

“This is the second time that Clop has exploited vulnerabilities in a file exchange platform,” notes the expert. In 2021, the gang hit the Accellion FTA platform and stole information on military technology from Bombardier Aerospace and data from the City of Toronto.

Hackers regularly post new names of alleged victims of their attack on GoAnywhere, and Brett Callow expects to find other Canadian organizations there, “in both the public and private sectors.”

