U.S. Government Agencies Hit in Massive Global Cyberattack
WASHINGTON D.C. (KPEL News) - The U.S. government's agency for combatting cyberattacks has acknowledged a major cybersecurity breach affecting multiple government agencies.
The US Cybersecurity and Infrastructure Security Agency is working on addressing the issue, which is related to a global cyberattack that hit agencies in other countries, like the U.K., according to a report from CNN.
The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. “We are working urgently to understand impacts and ensure timely remediation.”
It was not immediately clear if the hackers responsible for breaching the federal agencies were a Russian-speaking ransomware group that has claimed credit for numerous other victims in the hacking campaign.
A CISA spokesperson had no comment when CNN asked who carried out the hack of federal agencies and how many have been affected.
The hacking campaign has been going on for weeks, according to the report, with various agencies and even university systems having been hit.
Johns Hopkins University in Baltimore and the university’s renowned health system said in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.
Meanwhile, Georgia’s state-wide university system – which spans the 40,000-student University of Georgia along with over a dozen other state colleges and universities – confirmed it was investigating the “scope and severity” of the hack.
The cyberattack stems from a software exploit found in software used by several government agencies.
The Russian-speaking hacking group known as CLOP – a well-known group whose "favored malware emerged in 2019," according to reports – began exploiting a new flaw in a widely used file-transfer software known as MOVEit back in May. They used that flaw to target as many organizations and agencies as they could.
Such a massive attack leaves these agencies and the people who work at them vulnerable to blackmail and extortion, experts have warned. Last week, the group claimed credit for some of the hacks seen around the world, which have affected employees of the BBC, British Airways, Shell, and state governments throughout the U.S.
Progress, the U.S. firm that owns the MOVEit software, has also urged victims to update their software.