experts found out which country hackers work from

Deutsche Bank, one of the largest banks in the world, has become the latest target in a long list of Cl0p victims. Bank customer data was compromised after hackers exploited a vulnerability MOVEit Transfer infiltrated the system of the Majorel bank service provider.

Majorel, a service provider for switching between bank accounts, has entered into a contract with Deutsche Bank and Postbank, owned by Deutsche Bank. Therefore, the malicious actions of cybercriminals led to a wave of attacks on other leading banks in Europe besides Postbank – ING Bank and Comdirect.

During the incident, data was stolen from ING Bank for a “small four-digit number of customers” who used the account switching feature. In turn, a representative of Commerzbank, the parent company of Comdirect, said that they were only affected by a data leak at Majorel with the Comdirect brand. Commerzbank brand customers are not affected.

According to the notice from Deutsche Bank, the name, surname of the clients, as well as the IBAN number (international bank account number) were stolen. This information is enough for the criminal to make an unauthorized debit from the account. However, a Deutsche spokesperson said the attacker did not access the accounts directly.

It is reported that the leak only affected customers who used the Deutsche or Postbank account switching service in 2016-2018 and 2020. Neither Deutsche nor Postbank said how many customers may have been affected by the leak.

According to new investigation experts cybernews, the group operates from the territory of Ukraine. Experts say that one of the key developers of the Cl0p virus is located in Kramatorsk, Ukraine.

An anonymous security researcher found one of the Cl0p developers on the dark web and contacted him. The hacker’s name was not released, but his IP address indicated that he was based in Kramatorsk.

Clop ransomware is responsible for two of the biggest attacks this year, each affecting more than a hundred organizations. Both attacks exploited zero-day vulnerabilities in popular MFT -platforms. In January, the service became a victim of hackers. goanywhere from Fortra and at the end of May MOVEit Transfer from Progress Software .

In addition, two of the Big Four accounting firms, PwC and EY, launched an investigation into data breach incidents associated with the actions of the Clop hacker group. hackers demanded a ransom from companies for not publishing their internal data. The group used vulnerability in file transfer software MOVEit Transfer by Progress Software, which was discovered in May 2021.