The hacker groups BlackCat (ALPHV) and Clop have announced that they hacked Estée Lauder, the American beauty industry giant. BlackCat members ridiculed the company’s security measures and reported that they retained access to its network for a long time.
Earlier this week, representatives of Estée Lauder filed a complaint with the US Securities and Exchange Commission, reporting a hacker attack. According to these documents, attackers gained access to some of the company’s systems and possibly stole data.
Estée Lauder says it is currently recovering affected services and systems and “the incident has caused and continues to cause disruption to the company’s business operations.”
So far, the company has not disclosed the details of the incident, but said that it acted proactively and turned off some systems to prevent attackers from advancing through the network. Now third-party information security experts and law enforcement agencies are investigating the incident.
As the media have now reported, two hacker groups have claimed responsibility for hacking the company.
The Estée Lauder hack was first reported on the Clop website. It appears that the ransomware group gained access to the company’s network through a vulnerability in MOVEit Transfer that had previously affected hundreds of other companies and organizations. Representatives of the group write that they managed to steal 131 GB of data during the attack. We have previously written that the group is extorting money from companies affected by this vulnerability.
Representatives of the BlackCat group also reported a successful attack on Estée Lauder. In their post, they express dissatisfaction that company representatives have not yet responded to the extortion emails the hackers have been sending since July 15, 2023.
We have already covered the activities of these cybercriminals more than once, for example the attack on NCR’s POS System.
In addition, BlackCat says that although Microsoft Detection and Response Team (DART) and Mandiant experts were involved in responding to the incident, Estée Lauder’s network remained compromised for a long time, and the group retained access to it.
The attackers say they did not encrypt the company’s systems, but threaten to publish the stolen data if Estée Lauder does not contact them. The hackers hint that the stolen information may affect the company’s customers, employees and suppliers.