Tuesday, June 25, 2024

US Government Agencies Hit By Clop In MOVEit Global Cyberattack

A global cyberattack targeting numerous US federal government institutions has been launched as a result of the recent revelation of vulnerabilities in the MOVEit Transfer and MOVEit Cloud platforms.

According to reports, the claimed responsible ransomware group, Clop, is known to seek multimillion-dollar ransoms. However, no demands for ransom had been made by federal agencies.

The US Cybersecurity and Infrastructure Security Agency is offering assistance to many government agencies whose MOVEit apps have been the target of breaches.

Insights of the Clop In MOVEit Global CyberAttack

The attacks had not had any “significant impacts” on federal civilian agencies; the hackers have been “largely opportunistic” in utilizing the software hole to access networks.

The disclosure increases the number of victims of a massive cyber attack that started two weeks ago and has affected state governments and major US colleges. 

The cyber campaign puts more pressure on federal officials who have promised to stop the plague of ransomware assaults that have crippled local governments, hospitals, and schools throughout the US.

According to a report shared by CNN, the Department of Energy is one of the federal agencies that have been hacked.

When the Department of Energy discovered that documents from two department entities had been stolen, it took immediate steps to reduce the consequences of the breach.

Oak Ridge Associated Universities, a non-profit research center, is one of the Department of Energy’s victims. The other victim is a contractor with the department’s Waste Isolation Pilot Plant in New Mexico, which disposes of atomic energy.

The State Department and the Transportation Security Administration claimed they were not hacked.

Progress Software, the company that provides the software, confirmed the discovery of a new vulnerability in the software that a bad actor might exploit.

“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said.

Johns Hopkins University in Baltimore and the university’s renowned health system said that “sensitive personal and financial information,” including health billing records, may have been stolen in the hack.

Meanwhile, Georgia’s state university system, which includes the 40,000-student University of Georgia as well as more than a dozen other state schools and institutions, acknowledged it was looking into the scope and severity of the attack.

CLOP claimed responsibility for part of the breaches last week, which also impacted workers of the BBC, British Airways, the oil company Shell, and state governments in Minnesota and Illinois, among others.

Although Russian hackers were the first to exploit the MOVEit vulnerability, analysts believe that other parties may now have access to the software code required to carry out assaults.

The ransomware group had given victims until Wednesday to contact them about paying the ransom, after which they began listing more purported victims of the breach on their dark web extortion site.

The dark website did not mention any US federal agencies as of Thursday morning. 

Instead, the hackers stated in all caps, “If you are a government, city, or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”

Hence, the identification of these flaws and subsequent intrusions serves as a sobering reminder of the continuous risks to cybersecurity and the necessity for continued attention and preventative actions to defend against possible attacks.

CISA recommends that all affected users and organizations study the MOVEit Transfer advice, implement the suggested countermeasures, and update as soon as patches become available.

Looking For an All-in-One Multi-OS Patch Management Platform – 

Website

Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles