According to reports, several federal government agencies in the U.S. were hacked as part of a global cyber attack which exploited flaws in a heavily used file transfer software.
The Cybersecurity and Infrastructure Security Agency (CISA), the country’s top civilian-operated cybersecurity watchdog overseen by the Department of Homeland Security, first reported the cyberattack on Thursday, June 15, according to NBC News.
CISA also went on to confirm reports that they were involved in providing support to multiple federal agencies “that have experienced intrusions affecting their (file transfer) applications.”
“We are working urgently to understand impacts and ensure timely remediation,” said CISA in a statement.
The hackers involved exploited a quite easily found vulnerability in the file-sharing program MOVEIt Transfer, the popular tool used by government agencies to transfer files quickly, but not safely.
In an interview, CISA Director Jen Easterly claimed the agency was tracking the hackers “as a well-known ransomware group,” without going into specifics. This sounds kind of like the pipeline ransom situation which ran off with millions of taxpayers dollars and no one was brought to justice.
A cybercriminal org anization known as CLop has gone on to claim credit for the hack. The group, active since 2014, which is believed to be operating within Russia with the tacit approval of Russian intelligence services, may have conducted the cyberattack in response to a warning by CISA and the Federal Bureau of Investigation
advising CLop against exploiting previously unknown vulnerabilities in MOVEIt.
The hacker group used flaws in the software to steal files from at least 47 organizations and demand ransom payments in exchange of not publishing the content online.
“They’ve started releasing some of the data that was stolen as part of their work to extort these companies,” said Anne Neuberger, deputy national security advisor for cyber and emerging technology for the National Security Council. She noted that the hackers attacked companies across the world, moving “large files” into their databases.
“We strongly encourage anyone who was a user of the software to, of course, patch (the vulnerability) and lock down their systems,” Neuberger added.
Johns Hopkins University has already admitted in a statement that they were “investigating a recent cybersecurity attack that affected our networks”.
The University System of Georgia, which is comprised of 26 public colleges, also has come out and claimed they were “evaluating the scope and severity of this potential data exposure.”
International energy company Shell has joined the party and claims victimhood even though there is no evidence supporting they were hit with a cyberattack.
Others notably claiming to be victims include; British media outlet BBC and British Airways.
You must be logged in to post a comment Login