In an alarming cybersecurity breach, several U.S. federal government agencies have fallen victim to a global hacking campaign that is allegedly orchestrated by Russian cybercriminals. The US Department of Energy and multiple other federal agencies were hit in the global cyberattack, wherein the attackers exploited a vulnerability in a widely used file-transfer software. By exploiting the weakness, the hackers gained unauthorized access to sensitive networks and systems.
Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), said in a statement that they were “urgently working” to determine the impact of the cyberattack and ensure that “timely remediation” was available for them. According to a senior CISA official, “several hundred” companies and organizations in the US could be affected by the hacking campaign. The Department of Energy said that it “took immediate steps” to mitigate the impact of the hack after learning that records from two department entities had been compromised.
Online extortion group Cl0p has claimed credit for the MOVEit hacking campaign, and has yet to make ransom demands of the impacted federal agencies. CISA Director Jen Easterly later said that the cyberattacks did not have any “significant impacts” on federal civilian agencies, and that the threat actors have been “largely opportunistic” in using the software flaw to break into networks.
The infiltration of U.S. federal government agencies through this cyberattack has serious implications for national security. Such agencies often house classified information, intellectual property, and sensitive data crucial to the nation’s defense, diplomacy, and law enforcement efforts. The compromise of such information could not only jeopardize ongoing operations, but could also undermine public trust in government institutions and potentially impact diplomatic relations.
As a sobering reminder of the ever-present dangers in the digital landscape, this development paints a disturbing picture, especially as it comes amidst a serious ongoing hacking campaign that has already claimed multiple victims across the globe in recent times. Its victims already include the likes of the UK’s telecom regulator, British Airways, the BBC and drugstore chain Boots, from whose systems the group has successfully stolen data. State governments and major US universities, amongst other organizations, have already fallen victim to the two-week-long campaign, which further underscores that enhanced threat intelligence capabilities, greater investment in advanced technologies, and a culture of cybersecurity awareness are crucial components of an effective defense strategy.
The other victims of the recent cyberattack include British energy giant Shell, the Johns Hopkins University, the Johns Hopkins Health System and the University System of Georgia. According to media reports, the hackers infiltrated the systems through the MOVEit Transfer software by exploiting a security flaw in it. For those who are not aware, the software is usually used by organizations to transfer files and sensitive information between their partners or customers. Johns Hopkins is currently investigating the cybersecurity attack, while the University System of Georgia said that it was “evaluating the scope and severity of this potential data exposure” from the MOVEit hack.
For now, CISA is also providing support to several federal agencies that have “experienced intrusions affecting their MOVEit application,” Goldstein said. MOVEit Transfer maker Progress Software admitted that it had discovered another “critical vulnerability” in the software. The company has “engaged with federal law enforcement” and is working with customers to help them apply fixes to their systems.