Russian hackers have been drip-feeding the names of their victims from a recent cyberbreach onto the dark web this week, with warnings that the total number is expected to be sizeable.
So far more than 35 businesses are known to have been hacked but none of their information has yet been published online — a move that mirrors previous incidents involving Clop, the group behind the attack. The data was obtained through a vulnerability in MOVEit, a widely distributed piece of software from Progress, a US developer, used to transfer information.
Hacked companies named include Shell and other US and western European firms, representative of the software’s customer base.
A Shell spokesman said: “We are aware of a cybersecurity incident that has impacted a third-party