Russian hacking group “Clop” leaked confidential information held by the UK police onto the dark web. The data were stolen from Dacoll, an IT company which handles the Police National Computer.
Who is this Hacking Group?
Clop is infamous for infecting its targets with ransomware, and for naming and shaming its victims on a Tor leak site. The group has moved over $500 million through its operations.
The group’s recent victims include oil giant Shell, security company Qualys, U.S. bank Flagstar, the controversial global law firm Jones Day, Stanford University, and the University of California, among several others, all victims of a supply chain hack against Accellion, a company that provides a file transfer application.
Cl0p, also known as TA505 and FIN11, has been around for at least three years, according to several security firms that have been tracking the group. But the hackers have recently grabbed more headlines and become more prominent after gaining access to a treasure trove of sensitive data from dozens of companies—and all thanks to one single hack.
Cl0p normally contacts the breached companies directly via email, offering to negotiate a payment to avoid the leak of the stolen data on their chat portal. If the company agrees and pays quickly, the hackers don’t leak any data and don’t put the company’s name on their website. Sometimes they even show a video as proof they deleted the sensitive data after a payment. If the company refuses to engage, the hackers start leaking some data, according to multiple security researchers who are tracking Cl0p.
How did they get their hands on the data?
Clop targeted Dacoll through a phishing campaign and gained access to the data as well as to the Police National Computer, which holds the personal information of 13 million people!
Clop Demanded Ransom
Clop demanded a ransom from Dacoll, which the latter refused to pay. Consequently, the hackers leaked UK traffic information on the dark web. The leaked information includes close-up images of motorists snapped for speeding.
The images apparently came from the UK’s Automatic Number Plate Recognition (ANPR) system.
Dacoll has not revealed the amount of the demanded ransom. Furthermore, it is unclear what other information Clop has access to, and could potentially leak in the future.
Statement from Dacoll
A spokesperson from Dacoll gave a short statement regarding the incident.
“We can confirm we were the victims of a cyber incident on October 5. We were able to quickly return to our normal operational levels. The incident was limited to an internal network not linked to any of our clients’ networks or services,” the spokesperson said.