AhlulBayt News Agency: Several Federal Government agencies in the United States, including the Department of Energy, have been targeted in a global campaign of cyberattacks exploiting a vulnerability in the widely used software MOVEit Transfer.
The Cybersecurity and Infrastructure Security Agency (CISA) is providing support to the targeted agencies.
Eric Goldstein, the CISA assistant executive director, said in a statement Thursday, “We are working urgently to understand impacts and ensure timely remediation.”
Apart from the Federal Government agencies, “several hundred” companies and organizations in the States could be affected by the hack.
Clop is the alleged ransomware gang responsible for the hack. The group is known for demanding multi-million-dollar ransoms. No ransom demands have been made of federal agencies, however.
Meanwhile, the Department of Energy has confirmed it is one of several federal agencies breached in the ongoing hacking campaign.
CISA Director Jen Easterly told reporters the hacks had no “significant impact” on civilian federal agencies.
Over the past several days, a massive hacking campaign has been going on in the United States, affecting major universities and government institutions. The hackers are putting pressure on federal officials who have vowed to put an end to the scourge of ransomware attacks that have disrupted schools, hospitals and local governments across the States.
Since late May, hackers have been exploiting a flaw in MOVEit that companies and agencies use to transfer data. Progress Software, the US-based developer of the software, says it discovered a new vulnerability in the software that “could be exploited by a bad actor.”
“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said in a statement.
The Transportation Security Administration and the State Department say they were not victims of the hack.
MOVEit Transfer is a popular tool used by organizations to share sensitive information with partners or customers. John Hammond, a security researcher at Huntress, said it could be used by customers of a bank, for example, to upload their financial information for loan applications. “There's a whole lot of potential for what an adversary might be able to get into,” he said earlier this month.
/129
The Cybersecurity and Infrastructure Security Agency (CISA) is providing support to the targeted agencies.
Eric Goldstein, the CISA assistant executive director, said in a statement Thursday, “We are working urgently to understand impacts and ensure timely remediation.”
Apart from the Federal Government agencies, “several hundred” companies and organizations in the States could be affected by the hack.
Clop is the alleged ransomware gang responsible for the hack. The group is known for demanding multi-million-dollar ransoms. No ransom demands have been made of federal agencies, however.
Meanwhile, the Department of Energy has confirmed it is one of several federal agencies breached in the ongoing hacking campaign.
CISA Director Jen Easterly told reporters the hacks had no “significant impact” on civilian federal agencies.
Over the past several days, a massive hacking campaign has been going on in the United States, affecting major universities and government institutions. The hackers are putting pressure on federal officials who have vowed to put an end to the scourge of ransomware attacks that have disrupted schools, hospitals and local governments across the States.
Since late May, hackers have been exploiting a flaw in MOVEit that companies and agencies use to transfer data. Progress Software, the US-based developer of the software, says it discovered a new vulnerability in the software that “could be exploited by a bad actor.”
“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said in a statement.
The Transportation Security Administration and the State Department say they were not victims of the hack.
MOVEit Transfer is a popular tool used by organizations to share sensitive information with partners or customers. John Hammond, a security researcher at Huntress, said it could be used by customers of a bank, for example, to upload their financial information for loan applications. “There's a whole lot of potential for what an adversary might be able to get into,” he said earlier this month.
/129