Cyberattack Spree Hits Federal Government
The series of hacks exploiting a vulnerability in a common file-transfer software has affected companies, universities, and now the U.S. government
Eric Goldstein of the U.S. Cybersecurity and Infrastructure Security Agency said in a statement that CISA “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications” and that it is “working urgently to understand impacts and ensure timely remediation.”
It’s unclear who is responsible for the attacks, although a Russian-speaking ransomware group last week claimed credit for breaches of the BBC, British Airways, and other companies. The group, known as CLOP, began exploiting a vulnerability in the MOVEit software in late May, and has alleged it has information on “hundreds of companies” while demanding a ransom. Shell confirmed on Thursday that it was also attacked.
The attacks have also affected multiple state governments and higher learning institutions across the U.S. Johns Hopkins University said on Wednesday that “sensitive personal and financial information” had been stolen in the MOVEit attacks. The University System of Georgia has also said it may have been breached. “USG’s cybersecurity experts are evaluating the scope and severity of this potential data exposure,” the system announced. “If necessary, consistent with federal and state law, notifications will be issued to any individuals affected.”
Around a dozen U.S. federal agencies have contracts with MOVEit, according to Politico, and as of Thursday afternoon it does not appear any federal government data has been leaked. CISA and the FBI sent out an advisory last week instructing agencies to update the software.
CLOP attacks on MOVEit are part of a spree of recent ransomware attacks. The Justice Department announced on Thursday that it has charged a Russian national for allegedly conspiring to commit LockBit ransomware attacks against U.S. and foreign businesses, one of multiple LockBit-related arrests made in recent months.
Microsoft announced in May that a state-sponsored Chinese hacking group has also been targeting critical U.S. infrastructure.