Dragon Security

Today HudsonRock reported a Threat Actor operating under the moniker "Nam3L3ss" claimed to have compromised several large organizations via a MoveIT 0day exploit. Nam3L3ss is currently auctioning and/or distributing the data on the infamous Breached forum.

List of allegedly compromised organizations:
- Amazon 
- MetLife 
- Cardinal Health 
- HSBC 
- Fidelity
- U.S. Bank 
- HP 
- Canada Post 
- Delta Airlines 
- Applied Materials (AMAT) 
- Leidos 
- Charles Schwab 
- 3M 
- Lenovo 
- Bristol Myers Squibb
- Omnicom Group
- TIAA 
- Union Bank of Switzerland (UBS) 
- Westinghouse 
- Urban Outfitters (URBN)
- Rush University 
- British Telecom (BT)
- Firmenich 
- City National Bank (CNB) 
- McDonald’s 

Organizations we've confirmed to have been compromised:
- Amazon
- HSBC

Based on the data reviewed, the compromise for both these organizations took place around May 31st, 2023. None of the data (as we've seen thus far) contains customer information. The data for the organizations impacted appears to be HR and/or accountant related. We do not believe any of this information leaked to be 'mission critical', but because it exposes company internals (employees, floor plans, costs), this still poses a threat to organizations.

tl;dr we don't think Nam3L3ss is playing around. We think this is the real deal.

We are not sure how this person got their hands on the MoveIT 0day exploit, this was used frequently by cl0p ransomware group in the past. It was also briefly used by Lockbit ransomware group.

¯\_(ツ)_/¯