Saturday, March 2, 2024

Exclusive: US Government Agencies Targeted in Global Cyberattack

According to a leading US cybersecurity agency, several US federal government agencies have fallen victim to a global cyberattack orchestrated by Russian cybercriminals who exploited a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency (CISA) is offering assistance to multiple federal agencies affected by intrusions in their MOVEit applications, as stated by Eric Goldstein, the agency's executive assistant director for cybersecurity. Efforts are underway to understand the extent of the impact and implement timely remediation.
Beyond US government agencies, "several hundred" US companies and organizations could also be impacted by this hacking spree, as estimated by a senior CISA official, referencing private experts' assessments.

The ransomware gang believed to be responsible, known as Clop, has a reputation for demanding multimillion-dollar ransoms. However, no ransom demands have been made to federal agencies, according to the senior official's background briefing.
CISA's response coincides with Progress Software, the US company that makes the exploited software, reporting the discovery of a second vulnerability in the code, which is currently being addressed.
The Department of Energy is among the multiple federal agencies breached in this ongoing global hacking campaign, a spokesperson confirmed. CISA Director Jen Easterly stated that these hacks have not significantly impacted federal civilian agencies, adding that the hackers have been primarily opportunistic in exploiting the software flaw to infiltrate networks.
This news adds to the growing list of victims affected by an extensive hacking campaign that commenced two weeks ago, targeting major US universities and state governments. The relentless wave of cyberattacks puts pressure on federal officials who have pledged to combat the scourge of ransomware attacks that have paralyzed schools, hospitals, and local governments across the country.
Since late last month, the hackers have exploited a vulnerability in the widely used MOVEit software, commonly employed by companies and agencies for data transfer. Progress Software revealed a new vulnerability in the software that could be exploited by malicious actors, subsequently prompting the company to take MOVEit Cloud offline while urgently addressing the issue.
Agencies were quick to deny being affected by the hack, while the Transportation Security Administration and the State Department confirmed they were not victims. The Department of Energy took immediate action to mitigate the hack's impact upon discovering that records from two department entities were compromised. The department is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate the breach's consequences.
The Department of Energy victims include Oak Ridge Associated Universities, a not-for-profit research center, and a contractor affiliated with the department's Waste Isolation Pilot Plant in New Mexico, responsible for disposing of atomic energy-related waste.
Johns Hopkins University and its renowned health system reported that sensitive personal and financial information, including health billing records, may have been stolen in the hack. Additionally, Georgia's state-wide university system, encompassing the University of Georgia and other state colleges and universities, is investigating the scope and severity of the breach.
Although Clop initially claimed responsibility for some of the hacks, which affected BBC employees, British Airways, Shell, and state governments in Minnesota and Illinois, among others, it remains uncertain if other groups now have access to the necessary software code to carry out attacks.
The Clop ransomware group set a deadline for victims to contact them regarding ransom payment, after which they began listing additional alleged victims on their extortion site on the dark web. As of Thursday morning, no US federal agencies were listed on the site. Instead, the hackers boldly stated, "If you are a government, city, or police service, do not worry, we erased all your data. You do not need to contact us. We have no interest in exposing such information."
