CISA: US Government Hit With New Russian Cyberattacks
According to new reports, multiple US government agencies, as well as “several hundred” companies and organizations, have been targeted as part of a recent Russian-based hacking spree.
Eric Goldstein, executive assistant director for cybersecurity for the US Cybersecurity and Infrastructure Security Agency (CISA), told CNN that the agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” and added that “we (CISA) are working urgently to understand impacts and ensure timely remediation.”
The ransomware outfit that has claimed responsibility for the attacks is known as CLOP. In the past, the group has demanded multimillion-dollar ransoms, but at this time, no ransom demands have been made to any US federal agencies.
Progress Software, the American software firm that produces the MOVEit applications exploited by the hackers, recently stated that it had discovered a second vulnerability in the code, which it is actively working to remedy. “We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said in a statement.
Among the federal agencies affected is the Department of Energy, a department spokesperson confirmed to CNN. The department “took immediate steps” to attempt to mitigate any possible impact of the hack after discovering that records from two department “entities” had been compromised, the spokesperson said.
Among the victims of the breach are:
- Oak Ridge Associated Universities
- A Waste Isolation Pilot Plant in New Mexico
- Georgia’s state-wide university system
- Employees of the British Broadcasting Company (BBC)
- British Airways
- Shell Oil
- State governments in Minnesota and Illinois
The CLOP ransomware group gave victims until Wednesday to make contact regarding payment of ransom. They then began listing more of the alleged victims on their dark web extortion site. As of last Thursday, CLOP's website did not list any US federal agencies. The hackers did leave a note, however, that stated: “If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”