
US federal agencies confirm MOVEit breach, hackers list more victims

Multiple federal agencies have been attacked through a security flaw in a popular file transfer tool, according to the U.S. government.

CISA said that “several” U.S. government agencies were breached through Progress Software’s MOVEit Transfer enterprise file transfer tool. The agency also attributed the attacks to the Russia-linked Clop ransomware gang, which this week began posting the names of organizations it claims to have hacked using the MOVEit flaw.

CISA did not name the agencies affected by the attacks, which CNN first reported. It was reported that two Department of Energy entities were breached.

A DOE spokesperson said, “Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA). The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate breach impacts.”

According to the Federal News Network, Oak Ridge Associated Universities and a New Mexico Waste Isolation Pilot Plant were the two DOE entities affected by the vulnerability, exposing “the personally identifiable information of potentially tens of thousands of individuals, including Energy employees and contractors.”

According to the Federal Data Procurement System, 12 other U.S. agencies have MOVEit contracts. The Army, Air Force, and FDA are included.

CISA director Jen Easterly said the cybersecurity agency is working with affected agencies “urgently to understand impacts and ensure timely remediation” in a Thursday press conference on the MOVEit vulnerability. Easterly added that the intrusions are not being used to “steal specific high value information” or gain persistence into targeted systems.

Easterly concluded that this attack was opportunistic. In addition, Clop actors have not threatened to extort or release data stolen from U.S. government agencies.

Clop announced on its dark web leak site that government data had been erased and no government agencies had been victims.

However, Clop has added the Boston Globe, California-based East Western Bank, New York-based biotechnology company Enzo Biochem, and Microsoft-owned AI firm Nuance to its list of MOVEit vulnerability victims.

Enzo agency spokesperson Lynn Granito said the company would not comment. No response has been received from the other newly listed companies.

The Russia-linked ransomware group posted the first batch of affected organizations, including U.S. financial services firms 1st Source and First National Bankers Bank and U.K. energy giant Shell, one day earlier.

Progress Software rushed to patch a new MOVEit Transfer vulnerability as new victims emerge. Progress advised that the vulnerability, CVE-2023-35708, could allow unauthorized access to customer environments.

 
