A cyberattack has been launched against multiple US federal government institutions following the revelation of vulnerabilities in the MOVEit Transfer and MOVEit Cloud platforms. The ransomware group named Clop is believed to be responsible for the attack, although no ransom demands have been made of federal agencies thus far. The US Cybersecurity and Infrastructure Security Agency is providing assistance to government agencies that have been targeted.
Reports suggest that the attacks have not had significant impacts on federal civilian agencies, as the hackers have primarily been opportunistically exploiting vulnerabilities in the software to gain access to networks. However, the disclosure of these vulnerabilities has led to an increase in the number of victims impacted by the cyberattack, including state governments and major US colleges.
This cyber campaign puts additional pressure on federal officials who have pledged to put an end to the wave of ransomware attacks that have plagued local governments, hospitals, and schools across the country. The Department of Energy is one of the federal agencies that has been hacked, and immediate measures were taken to mitigate the consequences of the breach when it was discovered that documents from two department entities had been stolen. Oak Ridge Associated Universities and a contractor with the department’s Waste Isolation Pilot Plant are among the victims.
The State Department and the Transportation Security Administration have stated that they were not affected by the breach. Progress Software, the company responsible for providing the software, has confirmed the discovery of a new vulnerability and has taken MOVEit Cloud offline to urgently patch the issue. The hack has also impacted Johns Hopkins University and its health system, where sensitive personal and financial information may have been stolen. The state university system of Georgia is also investigating the scope and severity of the attack.
Clop has claimed responsibility for some of the breaches, which have also affected workers at the BBC, British Airways, Shell, and state governments in Minnesota and Illinois, among others. While Russian hackers were the first to exploit the MOVEit vulnerability, analysts believe that other parties now have access to the software code needed to carry out similar attacks.
The ransomware group had set a deadline for victims to contact them about paying the ransom, but as of Thursday morning, no US federal agencies were mentioned on their dark web extortion site. Instead, the hackers stated that they had erased all data belonging to government, city, and police services and had no interest in exposing such information.
The identification of these vulnerabilities and subsequent intrusions serves as a reminder of the ongoing cybersecurity risks and the need for continued attention and preventative measures to defend against potential attacks. The Cybersecurity and Infrastructure Security Agency recommends that all affected users and organizations review the MOVEit Transfer advisory, implement the recommended countermeasures, and update as soon as patches become available.
