Several US government agencies have been hit in a global hacking campaign that exploited a vulnerability in widely used to transfer files from one computer to another.
‘We are working urgently to understand impacts,’ said Eric Goldstein, the executive assistant director for cybersecurity of the US Cybersecurity and Infrastructure Security Agency (CISA).
The hackers exploited a vulnerability in a program called MOVEIt, but it is unclear if sensitive information was compromised or if government systems have been disrupted.
While CISA did not specify how many federal agencies have been hit, Goldstein said that his agency ‘is providing support to several federal agencies that have experienced intrusions.’
Thursday’s report from the comes as the US has been hit with major attacks over the past few months.
In late May, the Russian-speaking gang of hackers known as CLOP began leveraging a new flaw, or exploit, discovered in a widely used file-transfer software known as MOVEit. The hackers seemed to penetrate as many vulnerable organizations as they could identify.
Progress Software, which owns MOVEit and distributes it as a ‘secure managed file transfer software,’ urged its customers to install updates to correct the flaw, alongside other security advice.
Johns Hopkins University released a statement this week alerting patients, students and the public that ‘sensitive personal and financial information,’ including health billing records from the university’s well-regarded healthcare system may have been compromised in the attack.
CLOP claimed credit for similar assaults on state government systems in both Minnesota and Illinois, as well as on major international firms including British Airways and Shell.
The entire university system across the state of Georgia also reported that its dozens of state colleges and schools, including the 40,000-student University of Georgia, had been penetrated in the attack. University officials said they were still investigating the ‘scope and severity’ of the attack.
CLOP’s tell-tale ransomware packages first emerged in February of 2019, according to the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center.
The hacker group’s extortion attempts have occasionally been staggeringly lucrative, including payouts as high as $500 million.
Cybersecurity experts disclosed that, while CLOP was the first hacker group to make use of the MOVEit exploit, others may now have obtained the capabilities to launch copycat attacks, like those that hit US federal government agencies this week.
The ransomware group set a deadline of this past Wednesday, telling its victims to begin paying up or risk the public release of their stolen data.
The group also said that it would begin dropping names of their other alleged victims, but as of Thursday morning, no US federal agencies were listed.