US federal agencies, along with several hundred companies and organizations, have been targeted in a large-scale cyberattack by Russian cybercriminals. Exploiting a vulnerability in the widely used MOVEit software, the hackers have breached networks and compromised data. While the ransomware group Clop is believed to be responsible, no ransom demands have been made of federal agencies.
The incident adds to a growing list of victims in an extensive hacking campaign that has affected major US universities, state governments, and other entities. The US Cybersecurity and Infrastructure Security Agency (CISA) is actively supporting federal agencies affected by the intrusion on their MOVEit applications. The agency is working urgently to assess the impacts and facilitate timely remediation efforts.
Furthermore, according to a senior CISA official, the hacking spree is estimated to have the potential to affect numerous companies and organizations across the US. The attackers, known for demanding high ransoms, have not yet made ransom demands of federal agencies. Progress Software, the US-based company behind the exploited software, has identified a new vulnerability and is working to develop a fix. The Department of Energy, among multiple federal agencies, has confirmed being breached in the ongoing hacking campaign.
However, CISA Director Jen Easterly stated that the cyberattacks have not caused significant impacts on federal civilian agencies and that the hackers have mainly been opportunistic in exploiting the software flaw for unauthorized network access. The cyberattacks have raised concerns because they target critical sectors and pose significant challenges to federal officials aiming to combat the growing threat of ransomware attacks. The hackers have been exploiting a flaw in MOVEit, software used for data transfer, since late last month.
Progress Software has provided guidance to customers on securing their environments and has temporarily taken MOVEit Cloud offline while working on patching the vulnerability. Various entities, including the Transportation Security Administration and the State Department, have denied being victims of the hack, while the Department of Energy has taken immediate steps to mitigate the impact and is collaborating with law enforcement, CISA, and the affected entities to investigate the breach.
Additionally, oil and gas company Shell has confirmed that it was targeted by the Clop ransomware attacks on the MOVEit file transfer tool. While Shell’s core IT systems remained unaffected, investigations are ongoing. Other organizations, including the BBC, British Airways, Aer Lingus, Boots, Ofcom, and Transport for London, were also impacted by the MOVEit breach. The attacks compromised sensitive information and personal data, with some organizations being more exposed due to their use of a third-party payroll services supplier called Zellis. Clop has previously targeted other file transfer products, and a second vulnerability in MOVEit was recently discovered, leading to further breaches. Efforts are being made to investigate and mitigate the impact of these attacks.