Hackers have listed more victims as the United States government revealed that various federal organizations have been targeted by cyberattacks that exploited a security flaw in a widely used file transfer program. The vulnerability allowed the hackers to access the systems of the targeted agencies.
In a statement distributed to TechCrunch, the Cybersecurity and Infrastructure Security Agency (CISA) stated that “several” United States federal entities have been compromised as a result of the exploitation of a vulnerability in Progress Software’s MOVEit Transfer, an enterprise file transfer solution.
The agency also blamed the attacks on a group of cybercriminals known as the Clop ransomware gang, which has ties to Russia. This week, the gang began publishing the identities of businesses it claims to have hacked by exploiting the MOVEit vulnerability.
CISA did not specify the agencies that were targeted by the attacks, nor did it comment on the number of agencies affected. CNN was the first to report on the attacks. However, the Department of Energy has acknowledged to TechCrunch that two of its organizations were among those that had their security compromised.
“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA),” a spokesperson for the Department of Energy (DOE) said in a statement. “MOVEit Transfer” is a program that allows users to share files with one another. “The Department has notified Congress of the incident and is currently working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate the impacts caused by the breach.”
According to the Federal News Network, the two Department of Energy (DOE) entities that were affected by the vulnerability were Oak Ridge Associated Universities and the Waste Isolation Pilot Plant located in New Mexico. This vulnerability exposed “the personally identifiable information of potentially tens of thousands of individuals, including Energy employees and contractors.”
According to the Federal Data Procurement System, approximately a dozen more United States government agencies now have active MOVEit contracts. The Department of the Army, the Department of the Air Force, and the Food and Drug Administration are all included in this category.
At a news conference held on Thursday to discuss the MOVEit vulnerability, the director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, stated that the agency is working with impacted agencies “urgently to understand impacts and ensure timely remediation.” Although it is not yet known whether data has been stolen, Easterly stated that the breaches are not being leveraged to “steal specific high value information” or to achieve persistence into targeted systems.
Easterly summed up the situation by saying that “in sum, as far as we understand it, this attack is largely an opportunistic one.” “In addition, to the best of our knowledge, the Clop actors have not threatened to extort or release any data that has been stolen from agencies of the United States government.”
In a recent update that was made to its dark web leak site, Clop claimed that all material related to the government had been removed, and that no official institutions had been named as victims as of yet.
However, Clop has added another group of victims that it claims to have compromised via the MOVEit vulnerability. These victims include the Boston Globe, which is located in Massachusetts, the East Western Bank, which is located in California, the biotechnology company Enzo Biochem, which is located in New York, and the artificial intelligence firm Nuance, which is owned by Microsoft.
Afriupdate was contacted by Lynn Granito, a spokesman for Enzo’s agency, who stated that the company would not be providing any comment. Representatives of the other recently listed companies have not responded to TechCrunch’s inquiry.
Just one day prior, the Russia-linked ransomware group posted the first batch of firms that were affected by the attack. This list included organizations that provide financial services in the United States, such as 1st Source and First National Bankers Bank, as well as energy giant Shell in the United Kingdom.
Progress Software has hurriedly released a fix for a new vulnerability that affects MOVEit Transfer in response to the ongoing discovery of additional victims of the attack. Progress said in its advisory that exploitation of this vulnerability, which is referred to as CVE-2023-35708, could result in unauthorized access to the environments of customers.