CNN
—
“Multiple” US government agencies have been hit by a global cyberattack that exploited a vulnerability in widely used software.
The US Cybersecurity and Infrastructure Security Agency “provides support to many federal agencies that have experienced intrusions” affecting vulnerable software exploited by hackers, Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement. statement on Thursday by CNN. “We are working urgently to understand the impacts and ensure a timely fix.”
It was not immediately clear whether the hackers responsible for breaching federal agencies were a Russian-speaking ransomware group that claimed credit for several other victims of the hacking campaign.
A CISA spokesperson had no comment when CNN asked who hacked the federal agencies and how many were affected.
But the news adds to the growing number of victims of a wide-ranging hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree has increased pressure on federal officials who have vowed to put a dent in the scourge of ransomware attacks that have terrorized schools, hospitals and local governments across the US.
Johns Hopkins University in Baltimore and the prestigious university health system said in a statement this week that “sensitive personal and financial information,” including health billing records, may have been stolen in the hack. .
Meanwhile, Georgia’s state university system — which houses the 40,000-student University of Georgia along with more than a dozen other state colleges and universities — confirmed it was investigating the “extent and severity” of hack.
A Russian-speaking hacking group known as CLOP last week claimed credit for some of the hacks, which also affected employees of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, etc.
Russian hackers were the first to exploit the vulnerability, but experts say other groups may have access to the software code needed to carry out the attacks.
The ransomware group gave victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web. As of Thursday morning, the dark website did not list any US federal agencies.
The episode shows the widespread impact that a software flaw can have when exploited by skilled criminals.
Hackers – a notorious group whose favored malware emerged in 2019 – in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, which showed to target as many exposed organizations as they can. The opportunistic nature of the hack leaves a wide swath of organizations vulnerable to extortion.
Progress, the US company that owns the MOVEit software, also encouraged victims to update their software packages and issued a security advisory.
