A gang of hackers has compromised the personal information of Investissement Québec employees.
On its dark web site, the Clop ransomware group claims to have stolen information from the state-owned company. Contacted by La Presse, Investissement Québec explains that a “privacy incident” affected a file sharing platform it uses, GoAnywhere MFT by Fortra.
“Some employee personal information is involved,” said vice-president of communications Gladys Caron.
The government’s financial arm clarifies that the attack hit its supplier, not the state-owned company itself. “The Investissement Québec systems are not affected, assures the spokesperson. We quickly took all necessary measures. »
She adds that the organization’s clients “are not at risk.” As for the compromised data on its personnel, “all adequate measures have been implemented to protect it”, says Gladys Caron.
Investissement Québec says no more “for security reasons”.
So far, Clop hasn’t released any information stolen from the state corporation, unlike the data of many other victims of the gang, which can be found on his site.
Investissement Québec manages a $6.1 billion portfolio for the government.
The Clop ransomware group has also added Rio Tinto to the list of its victims on its site, still without publishing files for the moment. The multinational has a strong presence in Quebec in the aluminum and iron sector. It was not immediately possible to obtain his comments.
The Toronto investment fund Onex is also among the victims of cybercriminals.
In February, Clop allegedly got in touch with a journalist from the specialized site Bleeping Computer, to whom he explained that he had found a new vulnerability (“zero-day”) in the GoAnywhere file transfer tool. By exploiting it, the gang claims to have been able to steal information from 130 organizations that use it in 10 days.
Bleeping Computer had been unable to independently confirm these claims.
On Wednesday, a spokesperson for Onex reportedly anonymously acknowledged that hackers had reached it through this service, according to the specialized site IT World Canada.
If Clop still hasn’t released information on Investissement Quebec, Rio Tinto and Onex, the gang could do so quickly, as it did with other victims of the attack on GoAnywhere. “They seem to be moving really fast in this case,” said Brett Callow, threat analyst at antivirus firm Emsisoft.
“This is the second time that Clop has exploited vulnerabilities in a file exchange platform,” notes the expert. In 2021, the gang had hit the Accellion FTA platform and stole information on military technology from Bombardier Aerospace and data from the City of Toronto.
Hackers regularly post new names of alleged victims of their attack on GoAnywhere, and Brett Callow expects to find other Canadian organizations there, “both in the public and private sectors.”
