MOVEit Hack: U.S. Government Agencies hit in massive cyberattack by Russian Ransomware Gang

A spokesperson stated that the U.S. Department of Energy was one of the victims of the MOVEit hack from the cybercriminal organization known as Clop, which has ties to Russia. However, the attack was stated to be just an “opportunistic one”.

It was reported that multiple financial organizations were victims of the hack along with several federal organizations that are part of the U.S. Government. The hacking group responsible for the cyber-attack has been linked to various names, including Cl0p, TA505, and Lace Tempest.

The Cybersecurity and Infrastructure Security Agency (CISA) states that several U.S. Government federal agencies have “experienced intrusions affecting their MOVEit applications.” A vulnerability in the MOVEit transfer tool, developed by Progress Software, was exploited to carry out the cyberattack.

Progress, in its advisory, cautioned that the identified vulnerability, known as CVE-2023-35708, has the potential to result in unauthorized access to customer environments.

Organizations Affected

On Friday, a spokesperson revealed that the U.S. Department of Energy received ransom demands from Cl0p, an extortion group associated with Russia. The department’s nuclear waste facility and scientific education facility, both of which were recently targeted in a widespread hacking campaign, were the specific targets of these requests.

The recent attack, initially reported on Thursday, impacted Oak Ridge Associated Universities, a contractor for the U.S. Department of Energy (DOE), as well as the Waste Isolation Pilot Plant. The latter is a facility located in New Mexico that handles the disposal of radioactive nuclear waste related to defence activities.

U.S. Department of Energy one of the victims of the MOVEit hack. credit: Duniya news

The personally identifiable information of thousands of energy employees and contractors could have potentially been exploited and exposed as a consequence of this cyberattack.

On June 15th , the Russia-linked ransomware group released the initial set of affected organizations, which included prominent entities such as 1st Source and First National Bankers Bank, both U.S.-based financial services organizations, as well as Shell, a major energy company in the United Kingdom.

Clop, the Russia-linked ransomware group, has recently disclosed an additional group of organizations that they assert to have targeted using the MOVEit vulnerability. This newly listed set of victims includes the Boston Globe, East Western Bank located in California, Enzo Biochem, a biotechnology company based in New York, and Nuance, an AI firm owned by Microsoft.

In a recent statement, Johns Hopkins University and its renowned health system disclosed the potential theft of sensitive personal and financial information, including health billing records, due to the cyberattack they experienced.

Similarly, Georgia’s state-wide university system, comprising multiple educational institutions including the University of Georgia, is actively assessing the scale and severity of the breach.

CLOP, the ransomware group, has claimed responsibility for some of the compromised systems, affecting notable entities like the BBC, British Airways, and state governments in Minnesota and Illinois, among others.

Steps taken after attack

After discovering that records from two entities under the U.S. Department of Energy (DOE) were compromised in the global cyberattack on the file-sharing software, MOVEit Transfer, the DOE swiftly implemented measures to prevent additional vulnerability exposure.

 The department promptly informed the Cybersecurity and Infrastructure Security Agency (CISA) and has taken steps to collaborate with law enforcement, CISA, and the affected entities to conduct an investigation into the incident and minimize the consequences of the breach. Congressional notification has also been made by the DOE regarding the matter.

During a press conference held on Thursday to discuss the vulnerability in MOVEit software, Jen Easterly, the director of CISA, stated that the cybersecurity agency is actively collaborating with affected government agencies to assess the consequences and promptly address the situation.

While it remains uncertain if any data has been compromised, Easterly emphasized that the intrusions were not intended for the theft of specific valuable information or to establish persistent access to targeted systems.

According to senior officials of the CISA, the attack was on opportunistic one as there have been to threats of releasing or using any data stolen from the federal agencies. The ransomware group Clop, widely believed to be accountable for the incident, is notorious for demanding multimillion-dollar ransoms. However, the official clarified that no ransom requests have been made to federal agencies in this particular case.

Leave a Comment