US govt confirms MOVEit cyber attack hit several federal agencies


Washington, Jun 17 (IANS): President Joe Biden's administration has confirmed that several US federal agencies have been hit by a cyber attack, apparently executed by Russia-linked ransomware group Clop, which exploited a critical security vulnerability in a popular corporate file transfer tool.

The Cybersecurity and Infrastructure Security Agency (CISA) said that several government agencies experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer.

"Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the CISA," a Department of Energy (DoE) spokesperson told TechCrunch.

"The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach," the spokesperson added.

CISA director Jen Easterly said the cybersecurity agency is working with impacted agencies "urgently to understand impacts and ensure timely remediation".

"In sum, as we understand it, this attack is largely an opportunistic one. In addition, we are not aware of Clop actors threatening to extort or release any data stolen from U.S. government agencies," he told reporters.

Clop claimed on its website that government data had been erased and no government agencies have yet been listed as victims.

The ransomware gang exploited a security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet.

Progress Software, which develops the MOVEit software, has patched the vulnerability.

Other victims listed include financial software provider Datasite, educational non-profit National Student Clearinghouse, student health insurance provider United Healthcare Student Resources, US manufacturer Leggett & Platt and the University System of Georgia (USG), among others

The government of Nova Scotia, which uses MOVEit to share files across departments, also confirmed it was affected.

  

Top Stories


Leave a Comment

Title: US govt confirms MOVEit cyber attack hit several federal agencies



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.