US Government Agencies Hit By Clop In MOVEit Global Cyberattack

A global cyberattack targeting numerous US federal government institutions has been launched as a result of the recent revelation of vulnerabilities in the MOVEit Transfer and MOVEit Cloud platforms.

According to reports, the claimed responsible ransomware group, Clop, is known to seek multimillion-dollar ransoms. However, no demands for ransom had been made by federal agencies.

The US Cybersecurity and Infrastructure Security Agency is offering assistance to many government agencies whose MOVEit apps have been the target of breaches.

Insights of the Clop In MOVEit Global CyberAttack

The attacks had not had any “significant impacts” on federal civilian agencies; the hackers have been “largely opportunistic” in utilizing the software hole to access networks.

The disclosure increases the number of victims of a massive cyber attack that started two weeks ago and has affected state governments and major US colleges. 

The cyber campaign puts more pressure on federal officials who have promised to stop the plague of ransomware assaults that have crippled local governments, hospitals, and schools throughout the US.

According to a report shared by CNN, the Department of Energy is one of the federal agencies that have been hacked.

When the Department of Energy discovered that documents from two department entities had been stolen, it took immediate steps to reduce the consequences of the breach.

Oak Ridge Associated Universities, a non-profit research center, is one of the Department of Energy’s victims. The other victim is a contractor with the department’s Waste Isolation Pilot Plant in New Mexico, which disposes of atomic energy.

The State Department and the Transportation Security Administration claimed they were not hacked.

Progress Software, the company that provides the software, confirmed the discovery of a new vulnerability in the software that a bad actor might exploit.

“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said.

Johns Hopkins University in Baltimore and the university’s renowned health system said that “sensitive personal and financial information,” including health billing records, may have been stolen in the hack.

Meanwhile, Georgia’s state university system, which includes the 40,000-student University of Georgia as well as more than a dozen other state schools and institutions, acknowledged it was looking into the scope and severity of the attack.

CLOP claimed responsibility for part of the breaches last week, which also impacted workers of the BBC, British Airways, the oil company Shell, and state governments in Minnesota and Illinois, among others.

Although Russian hackers were the first to exploit the MOVEit vulnerability, analysts believe that other parties may now have access to the software code required to carry out assaults.

The ransomware group had given victims until Wednesday to contact them about paying the ransom, after which they began listing more purported victims of the breach on their dark web extortion site.

The dark website did not mention any US federal agencies as of Thursday morning. 

Instead, the hackers stated in all caps, “If you are a government, city, or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”

Hence, the identification of these flaws and subsequent intrusions serves as a sobering reminder of the continuous risks to cybersecurity and the necessity for continued attention and preventative actions to defend against possible attacks.

CISA recommends that all affected users and organizations study the MOVEit Transfer advice, implement the suggested countermeasures, and update as soon as patches become available.

Looking For an All-in-One Multi-OS Patch Management Platform – 

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

5 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

5 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

5 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

5 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago