{"id":95502,"date":"2023-07-19T11:00:00","date_gmt":"2023-07-19T11:00:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=95502"},"modified":"2023-07-19T11:00:00","modified_gmt":"2023-07-19T11:00:00","slug":"blackcat-and-clop-gangs-both-claim-cyber-attack-on-estee-lauder","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95502","title":{"rendered":"BlackCat and Clop gangs both claim cyber attack on Est\u00e9e Lauder"},"content":{"rendered":"
<\/div>\n

Est\u00e9e Lauder Companies<\/a>, the organisation behind global cosmetics brands such as Aveda, Clinique, Est\u00e9e Lauder, Mac and Origins, has suffered a cyber attack that appears to have been the work of two distinct groups, namely the ALPHV\/BlackCat and Clop ransomware operations.<\/p>\n

Full details of the still-unfolding incident have yet to emerge, but in a statement, the organisation said it believed it has resulted in data exfiltration. It is currently seeking to establish the nature and scope of that data.<\/p>\n

In a statement<\/a>, the group said: \u201cThe Est\u00e9e Lauder Companies Inc has identified a cyber security incident, which involves an unauthorised third party that has gained access to some of the company\u2019s systems.<\/p>\n

\u201cAfter becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cyber security experts. The company is also coordinating with law enforcement.\u201d<\/p>\n

The organisation said it was currently implementing further measures to secure its operations and would take additional steps if needed. It added that it remains fully focused on remediation, including attempts to restore impacted systems, but acknowledged that the incident has and will continue to cause disruption to parts of its operations.<\/p>\n

Meanwhile, the disclosure has attracted attention in the security community since both BlackCat and Clop have claimed responsibility.<\/p>\n

On 18 July, Clop, the ransomware-cum-extortion operation behind the ongoing MOVEit Transfer breach<\/a>, named Est\u00e9e Lauder Companies on its dark web leak site, following either the failure or non-occurrence of negotiations.<\/p>\n

\n

<\/i>Other victims<\/h3>\n

At the same time, the gang named a number of other victims, according to researcher Dominic Alvieri<\/a>, including American Airlines and comms regulator Ofcom, which has already disclosed it was victimised in the MOVEit incident<\/a>.<\/p>\n

It remains unknown if Est\u00e9e Lauder Companies was itself a user of Progress Software\u2019s MOVEit Transfer file transfer tool, which was first attacked via a zero-day by Clop almost two months ago<\/a>, or whether it was compromised, as many others have been, via a third-party supplier.<\/p>\n

Later in the evening, BlackCat also named Est\u00e9e Lauder Companies to its own website. No details of how it supposedly accessed the victim\u2019s systems have been made public. Other recent victims claimed by the highly active gang include Barts NHS Trust<\/a> and storage supplier Western Digital<\/a>.<\/p>\n

In screengrabs shared by Emsisoft\u2019s<\/a> Brett Callow via Twitter<\/a>, a Clop representative claimed it had extracted 131GB of data from Est\u00e9e Lauder Companies. Its representative posted: \u201cThe company doesn\u2019t care about its customers, it ignored their security!!!\u201d<\/p>\n

A BlackCat representative wrote: \u201cEst\u00e9e Lauder, under the control of a family of billionaire heirs. Oh, what these eyes have seen. We will not say much for now, except that we have not encrypted their networks. Draw your own conclusions for now. Maybe their data was worth a lot more.<\/p>\n

\u201cAnd another note to the public, ELC been attacked [sic] by our colleagues at Cl0p regarding the MOVEit vulnerability attacks. We are not sure if anything came of this, but we only knew because they mentioned it in their emails.<\/p>\n

\u201cWe have reiterated to ELC that we are not associated with them and that this is completely separate.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Est\u00e9e Lauder Companies, the organisation behind global cosmetics brands such as Aveda, Clinique, Est\u00e9e Lauder, Mac and Origins, has suffered a cyber attack that appears to have been the work of two distinct groups, namely the ALPHV\/BlackCat and Clop ransomware operations. Full details of the still-unfolding incident have yet to emerge, but in a statement, […]<\/p>\n","protected":false},"author":1,"featured_media":95503,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-95502","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95502"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95502\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95503"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}