In a wave of cyberattacks that has affected numerous companies and organizations in recent weeks, several US agencies have fallen victim to a broad hacking campaign. The attacks were executed through an unknown vulnerability in widely-used file sharing software, causing concerns about the extent of the breach.
The Cybersecurity and Infrastructure Security Agency (CISA), the leading civilian cybersecurity watchdog in the country, announced on Thursday that it is currently investigating the full scope of the attacks. Eric Goldstein, CISA’s executive assistant director, stated that the agency is providing assistance to several federal agencies that have experienced intrusions. Urgent efforts are underway to assess the impact and facilitate prompt remediation.
The hackers exploited a vulnerability in a popular file transfer tool known as MOVEIt, enabling them to breach various organizations. Mandiant, a cybersecurity company owned by Google, reported that federal agencies had experienced data theft as a result of the MOVEIt hacks. However, it remains unclear whether the stolen files contained sensitive information or if the hackers disrupted government systems.
CISA Director Jen Easterly revealed in an interview with NBC News that the agency is tracking the hackers as a well-known ransomware group. This designation appears to be referencing the established cybercriminal group known as CL0P. Last week, CISA and the FBI jointly issued a warning about CL0P’s exploitation of an undisclosed vulnerability in MOVEIt. The group swiftly targeted and extracted files from at least 47 organizations, subsequently demanding payment to prevent their public release, according to Brett Callow, an analyst at cybersecurity company Emsisoft.
No comments were immediately available from the Office of the Director of National Intelligence, and the National Security Council had yet to respond to inquiries.
Wendi Whitmore, head of threat analysis at cybersecurity firm Palo Alto Networks, described CL0P’s hacking campaign through MOVEIt as alarmingly extensive. She estimated that the total number of victims could potentially reach into the hundreds or more.
The investigation into these cyberattacks and the efforts to address the vulnerabilities are ongoing as authorities work to protect affected agencies and organizations from further harm.
