A global cyberattack that takes advantage of a flaw in widely used software has targeted “a few” US federal government agencies.

The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions” affecting vulnerable software that the hackers exploited, Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement to CNN on Thursday.

“We are working quickly to comprehend the effects and guarantee prompt remediation.” It was not immediately clear whether the ransomware group that has claimed responsibility for numerous other victims in the hacking campaign was also behind the break-ins at the federal agencies.

When CNN asked who was responsible for the hack of federal agencies and how many people were impacted, a CISA spokesperson had nothing to say. The news, however, raises the total number of victims of a massive hacking campaign that started two weeks ago and has already targeted state governments and well-known US universities.

The hacking spree puts more pressure on federal officials who have promised to do something about the ransomware scourge that has crippled local governments, hospitals, and schools across the US. In a statement released this week, Johns Hopkins University in Baltimore and the school’s renowned health system warned that the hack may have exposed “sensitive personal and financial information,” including medical billing records.

Georgia’s state-run university system, which includes the 40,000-student University of Georgia as well as more than a dozen other state colleges and universities, confirmed it was looking into the “scope and severity” of the hack.

The hacks, which also affected staff members of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, among others, were claimed last week by a Russian-speaking hacking group known as CLOP. Although other groups may now have access to the software code required to launch attacks, the Russian hackers were the first to take advantage of the vulnerability, according to experts.

Before listing additional alleged victims from the hack on their extortion website on the dark web, the ransomware group had given victims until Wednesday to get in touch with them about paying a ransom.

The dark web site did not list any US federal agencies as of Thursday morning. The incident demonstrates the broad effects that a single software flaw can have if it is used by knowledgeable criminals.

In late May, the hackers—a well-known group whose preferred malware first surfaced in 2019—started taking advantage of a fresh vulnerability in the widely used file-transfer programme MOVEit, appearing to target as many vulnerable organisations as they could.

Due to the hack’s opportunistic nature, many different organisations were left open to extortion. The US company Progress, which owns the MOVEit software, has also advised victims to update their software and has provided security guidance.