What Shell, Hitachi, and Rubrik attacks reveal about Cl0p

Energy giants Shell and Hitachi, and cybersecurity company Rubrik, alongside many others, have recently fallen victim to ransomware syndicate Cl0p. Experts believe these fresh attacks reveal something about the cyber gang.

While criminals revealing their lock-picking tools might seem careless, it also may point to the tool being obsolete, says Karim Hijazi, the CEO of cybersecurity firm Cyligence.

“It would not surprise me to learn that once initial access had been established via the zero-day, a secondary stage persistence and reconnaissance implant would have been deployed. This might be the reason for their admittance to using the zero-day, since its utility was now no longer needed,” Hijazi told Cybernews.

The gang’s openness about the zero-day reveals something about the attack itself. Once Cl0p’s affiliates breached scores of companies using the bug, they snooped around inside the victim’s systems, moving laterally and collecting data.

Given the alleged volume of breached companies, the attack either required close coordination between a significant number of affiliates or a lengthy operation carried out by a few dedicated members.

“It was clearly a matter of time until a patch was made available for the vulnerability, which is likely the reason for Cl0p’s accelerated pace,” Hijazi said.