Data Leaks: Cyber Gang cl0p Claims Stolen Data from Carglass, Fluke, NHS

The cyber gang cl0p remains active and continues to steal data from many companies and organizations. Now, the more well-known Carglass.de, Fluke.com, and the British health authority NHS have been added.

The cl0p gang is known for diverting data from companies through vulnerabilities, for example, in data transfer software, and then extorting money with it. Those who don't pay will have their data end up on the darknet. It is unclear how cl0p claims to have obtained the data now. However, a security vulnerability in Oracle's E-Business Suite (EBS) seems to have served as an entry point more often recently.

Data Leakage Unconfirmed So Far

There are no indications of data leaks on the websites of the now affected organizations. Carglass is a well-known German chain of workshops specializing in repairing stone chips in car windscreens. It was not reachable by phone on Friday afternoon, and all three affected organizations have not yet responded promptly to the related email inquiry.

Fluke is one of the largest and most renowned manufacturers of measuring instruments from the USA. The NHS England is the national health service there. In response to The Register, the NHS neither confirmed nor denied that such an IT incident had occurred. However, a spokesperson for the NHS told the medium: "We are aware that the NHS has been listed on a cybercrime website as being affected by a cyber attack, but no data has been published. Our cybersecurity team is working closely with the National Cyber Security Centre to investigate this." This contradicts a BitTorrent link that cl0p has since published, which is supposed to lead to the download of the stolen data.

It is currently unclear whether sensitive data has actually been exfiltrated and who is affected by it. At the end of February, the criminal organization cl0p listed a total of 230 new entries for data theft from companies, including well-known companies like HP and HPE.

(dmk)