Wednesday, January 15, 2025
HomeCyber AttackUS Government Agencies Hit By Clop In MOVEit Global Cyberattack

US Government Agencies Hit By Clop In MOVEit Global Cyberattack

Published on

A global cyberattack targeting numerous US federal government institutions has been launched as a result of the recent revelation of vulnerabilities in the MOVEit Transfer and MOVEit Cloud platforms.

According to reports, the claimed responsible ransomware group, Clop, is known to seek multimillion-dollar ransoms. However, no demands for ransom had been made by federal agencies.

The US Cybersecurity and Infrastructure Security Agency is offering assistance to many government agencies whose MOVEit apps have been the target of breaches.

Insights of the Clop In MOVEit Global CyberAttack

The attacks had not had any “significant impacts” on federal civilian agencies; the hackers have been “largely opportunistic” in utilizing the software hole to access networks.

The disclosure increases the number of victims of a massive cyber attack that started two weeks ago and has affected state governments and major US colleges. 

The cyber campaign puts more pressure on federal officials who have promised to stop the plague of ransomware assaults that have crippled local governments, hospitals, and schools throughout the US.

According to a report shared by CNN, the Department of Energy is one of the federal agencies that have been hacked.

When the Department of Energy discovered that documents from two department entities had been stolen, it took immediate steps to reduce the consequences of the breach.

Oak Ridge Associated Universities, a non-profit research center, is one of the Department of Energy’s victims. The other victim is a contractor with the department’s Waste Isolation Pilot Plant in New Mexico, which disposes of atomic energy.

The State Department and the Transportation Security Administration claimed they were not hacked.

Progress Software, the company that provides the software, confirmed the discovery of a new vulnerability in the software that a bad actor might exploit.

“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said.

Johns Hopkins University in Baltimore and the university’s renowned health system said that “sensitive personal and financial information,” including health billing records, may have been stolen in the hack.

Meanwhile, Georgia’s state university system, which includes the 40,000-student University of Georgia as well as more than a dozen other state schools and institutions, acknowledged it was looking into the scope and severity of the attack.

CLOP claimed responsibility for part of the breaches last week, which also impacted workers of the BBC, British Airways, the oil company Shell, and state governments in Minnesota and Illinois, among others.

Although Russian hackers were the first to exploit the MOVEit vulnerability, analysts believe that other parties may now have access to the software code required to carry out assaults.

The ransomware group had given victims until Wednesday to contact them about paying the ransom, after which they began listing more purported victims of the breach on their dark web extortion site.

The dark website did not mention any US federal agencies as of Thursday morning. 

Instead, the hackers stated in all caps, “If you are a government, city, or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”

Hence, the identification of these flaws and subsequent intrusions serves as a sobering reminder of the continuous risks to cybersecurity and the necessity for continued attention and preventative actions to defend against possible attacks.

CISA recommends that all affected users and organizations study the MOVEit Transfer advice, implement the suggested countermeasures, and update as soon as patches become available.

Looking For an All-in-One Multi-OS Patch Management Platform – 

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Aembit Announces Speaker Lineup for the Inaugural NHIcon

Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for...

Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%

Sweet Security, a leader in cloud runtime detection and response, today announced the launch...

ShadowSyndicate Hackers Added RansomHub Ransomware to their Arsenal

ShadowSyndicate is a prolific threat actor that has been active since July 2022, collaborated...

5,000 WordPress Sites Hacked in New WP3.XYZ Malware Attack

Widespread malware campaigns detected by side crawlers exploit vulnerabilities on multiple websites where the...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

ShadowSyndicate Hackers Added RansomHub Ransomware to their Arsenal

ShadowSyndicate is a prolific threat actor that has been active since July 2022, collaborated...

5,000 WordPress Sites Hacked in New WP3.XYZ Malware Attack

Widespread malware campaigns detected by side crawlers exploit vulnerabilities on multiple websites where the...

Hackers Exploiting Fortinet Zero-day Vulnerability In Wild To Gain Super-Admin Privileges

A critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products is being actively exploited...