Dive Brief:
- Crown Resorts, a resort and casino operator based in Australia, confirmed last Monday it was one of many organizations impacted by a spree of attacks carried out by Clop, a ransomware threat actor targeting file-transfer service GoAnywhere.
- The company asserts no customer data has been compromised and business operations remain unimpacted. An investigation into the matter is still underway.
- “Crown became aware of the security incident late last week when a series of emails from a ransomware group, claiming to have illegally obtained data from Crown were intercepted by our information security team,” Kris Taute, the company’s head of corporate communications, said via email.
Dive Insight:
The cyberattack against Crown Resorts is part of a global spree linked to a vulnerability in GoAnywhere. Threat actors affiliated with the Clop ransomware group claimed more than 130 victims in early February and claimed an additional 60 victims between March 22 and March 24.
“Given our investigations are ongoing, we're unable to confirm the total number of records, nature of the data or ransom involved in this security incident,” Taute said. “However, based on Crown's use of the managed file transfer service, we can confirm that customer data has not been compromised” and business operations are currently not impacted.
Crown Resorts confirmed it's a customer of GoAnywhere and is seeking more information from Fortra, the company behind the file-transfer service. The company has also isolated use of GoAnywhere while the investigation remains ongoing.
Fortra said it was first made aware of suspicious activity in some instances of GoAnywhere on Jan. 30. The company released a patch for the actively exploited zero-day vulnerability, which is being tracked as CVE-2023-0669, a week later.
Employees, law enforcement and gaming regulators were notified prior to public disclosure, and cybersecurity experts in Australia and the U.S. have been pulled in to assist with the investigation and response, Taute said.
Private equity firm Blackstone acquired Crown Resorts in June 2022. Crown Resorts said it had 20,000 employees at the time. The company also owns a members club in London and holds ownership stakes in Aspers Group, Nobu, Betfair Australasia, DGN Games and Chill Gaming.