On Wednesday, June 14, 2023, the dark web leak site for Russia-based Clop (also known as Cl0p) ransomware operations began listing organizations it had breached with a supply chain attack exploiting flaws in the MOVEit file sharing tool that Progress Software developed. Clop actors claimed to have compromised hundreds of entities; the ever-expanding list includes organizations in the financial, insurance, local government, health and education sectors. The data exfiltration reportedly began around May 27, during the US Memorial Day holiday.

Clop operators reportedly breached not only private companies and state and local public organizations but also US government entities or contractors. These included a New Mexico company that disposes nuclear waste for the US Energy Department; the Oak Ridge Associated Universities, a scientific research consortium associated with the national nuclear research laboratories at Oak Ridge, Tennessee; the US Department of Agriculture; and the Office of …