Multiple U.S. federal agencies have been targeted in cyberattacks exploiting a security vulnerability in the widely used file transfer tool MOVEit Transfer, the U.S. government has confirmed. The Cybersecurity and Infrastructure Security Agency (CISA) stated that several government agencies experienced intrusions related to the exploitation of the MOVEit flaw.
These attacks have been attributed to the Russia-linked Clop ransomware gang, which has recently started publishing the names of organizations it claims to have hacked by leveraging the vulnerability.
While the specific number and names of affected agencies were not disclosed, the Department of Energy confirmed that two of its entities were among those breached. The compromised DOE entities were identified as Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico. The breach potentially exposed the personally identifiable information of tens of thousands of individuals, including employees and contractors.
Other U.S. agencies, including the Department of the Army, the Department of the Air Force, and the Food and Drug Administration, also have active MOVEit contracts. The extent of the impact on these agencies is yet to be determined.
CISA director Jen Easterly addressed the situation in a press conference, stating that the agency is working urgently with impacted agencies to assess the impact and remediate the vulnerabilities. Although it is unclear whether data has been stolen, Easterly emphasized that the attacks do not appear to be focused on stealing high-value information or gaining persistent access to targeted systems.
Amid the ongoing attacks, Clop has added new victims to its list, including the Boston Globe, East West Bank, Enzo Biochem, and Nuance, a Microsoft-owned AI firm. The ransomware group recently posted the names of other impacted organizations, such as financial services companies 1st Source and First National Bankers Bank, as well as energy giant Shell.
In response, Progress Software, the developer of MOVEit Transfer, has released a patch for a new vulnerability (CVE-2023-35708) that could potentially allow unauthorized access to customer environments.
The investigations into these cyberattacks are ongoing, and affected agencies are working with law enforcement, CISA, and other entities to mitigate the impacts and strengthen their cybersecurity defenses.