This development comes after Proofpoint found the vulnerability being leveraged in intrusions beginning September 28, following Project Discovery's release of proof-of-concept exploit code and technical information for it.
After shutting down its systems on September 20, MoneyGram issued an email update five days later stating that it had since restored most of its operations with the assistance of CrowdStrike and other third-party cybersecurity experts, as well as U.S. law enforcement.
Additional details regarding the extent or perpetrators of the breach were not provided, but the French international news agency said that global news coverage had not been affected by the intrusion. It also noted an ongoing investigation into the incident alongside the French National Agency for IT Systems Security.
The intrusion involved threat actors compromising a software-as-a-service user's email account to identify potentially exploitable conversations, into which they could deliver an email purporting to be a reply to a message about tax and payment details. They then established a new mailbox rule that would forward messages to an archive folder to conceal malicious activity.