The U.S. Cybersecurity and Infrastructure Security Agency announced on Thursday that "several" U.S. federal government agencies had been affected in what has been recognized as a global cyberattack.
The attack targeted a vulnerability in widely used software, and the agencies have "experienced intrusions affecting their MOVEit applications," a statement released by the U.S. government said.
"We are working urgently to understand impacts and ensure timely remediation," explained Eric Goldstein, a head U.S. cybersecurity official.
Initial investigations suggest that a Russian-speaking ransomware group, called CLOP, could be behind the attack. The group has previously taken responsibility for a similar, ongoing hacking campaign that has targeted entities from the BBC to Shell Oil, major airlines, hospitals, schools, and some U.S. state governments.
That campaign started approximately 2 weeks ago and has targeted U.S. state governments and universities. The ongoing attacks have created mounting pressure on federal officials who have vowed to put an end to the series of ransomware attacks that have plagued numerous U.S. entities for weeks.
Johns Hopkins University and Health System have also been targeted as part of the attack. A letter was sent to the Hopkins community by officials stating that a preliminary investigation found that the attack "may have impacted the information of Johns Hopkins employees, students and/or patients."
The Hopkins attack was first discovered on May 31 and exploited a vulnerability in the MOVEit software. While an investigation into the Johns Hopkins attack is still ongoing, it is not believed that any patient medical records were compromised as a result of the hacking.
"This was called a 'zero-day attack,' meaning the attackers, who are out of Russia, a group known as CLOP, they discovered a vulnerability in this piece of software called MOVEit. MOVEit is a piece of software that allows you to move large data files between networks and between systems. They found a vulnerability before anybody knew about it and, all at once, launched an attack worldwide," explained Bill Sieglein, a cybersecurity expert.
A report by CNN suggested that the ongoing attacks could be the work of numerous perpetrators, saying, "The Russian hackers were the first to exploit the vulnerability, but experts say other groups may now have access to software code needed to conduct attacks."
"The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web," CNN outlined. "As of Thursday morning, the dark website did not list any U.S. federal agencies," the report concluded.
Regrettably, this is not the first cybersecurity incident to affect the federal government. In February it was discovered that an email server at U.S. Special Operations Command (USSOCOM) had been leaking sensitive but not classified communications for at least 2 weeks after a security mishap left the server without a protective password.