Multiple federal agencies have been under attack after hackers found vulnerabilities in the internationally used file transfer service MOVEit.
The US Cybersecurity and Infrastructure Agency has responded to the recent hack, explaining that it’s supporting the agencies that have been hit by the attack. According to CISA, hundreds of US companies and organizations may have been affected by the large-scale breach.
Affected companies and governments include the Department of Energy, the Illinois Department of Innovation and Technology (DoIT), the Minnesota Education Department, Georgia’s State University, Johns Hopkins University of Baltimore, and many more.
“The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach,” said a spokesperson from The Department of Energy. Other agencies and companies are responding similarly, taking steps to fix the leak.
While the hacker group taking credit for the attack, Cl0p, has a track record of demanding large ransoms in exchange for stolen data, so far no ransom demands have been made. However, the campaign has been ongoing for several weeks and has targeted schools, hospitals, and local governments all across the US.
The Russian-backed cyberattack isn’t just affecting the US; it’s one of the largest-scale international cyberattacks that’s been staged. Hackers used the MOVEit vulnerabilities to target the provincial government of Nova Scotia, UK-based payroll company Zellis, British Airways, Boots, and dozens of other international companies and governments.
While ransoms haven’t begun coming in yet, the Cl0p ransomware gang is known for wringing its victims dry and has a history of “opportunistic” behavior. Leaked information can include full names, addresses, sensitive financial information, and more.
“The activity we’re seeing at the moment, adding company names to their leak site, is a tactic to scare victims, both listed and unlisted, into paying,” says Rafe Pilton, director of threat research at Secureworks.