Several US government agencies affected in MOVEit attack

A number of US government agencies have been named the latest victims of the MOVEit file transfer cyber attack that occurred late last month.

Daniel Croft
Fri, 16 Jun 2023

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced that a number of government departments, including the Department of Energy, had records compromised as part of the file-sharing service attack.

No other agencies have been named specifically, but a spokesperson for CISA said that the list is small and does not include any military or intelligence agencies.

The group claiming to be behind the attack, the Russia-based Clop ransomware gang, has yet to send ransomware demands to any of the government agencies, and those affected are yet to observe any sign that data has been compromised.

Clop gained access to MOVEit systems through an SQL injection vulnerability, which Progress Software has since discovered and which has since been patched.

“Progress has discovered a vulnerability in MOVEit Transfer and MOVEit Cloud that could lead to escalated privileges and potential unauthorised access to the environment,” Progress said in a security update.

Alongside the US government, major organisations such as the BBC and British Airways have also fallen victim to Clop’s attack on MOVEit and have received extortion demands via the threat group’s dark web leak site.

“Clop is one of top organization offer penetration testing service after the fact,” Clop’s ransom notice read, written in broken English.

“This is announcement to educate companies who use progress MOVE1t [sic] product that chance is that we download alot of your data as part of exception, exploit we are the only one who perform such attack and relax because your data is safe.”

“You have 3 day to discuss price and if no agreement you custom page will be created … after 7 days all you data will start to be publication,” the note read.

“You chat will close after 10 not productive day and data will be publish.”

Clop has also assured users who do pay a ransom that their data will be deleted from the threat group’s archives and that it will provide them with proof that it has done so.

Australia’s own government agencies are also under threat from data breaches after it was reported that data of several of the nation’s government agencies had been compromised as a result of the attack by Russian state-sponsored hacking group ALPHV on law firm HWL Ebsworth.

Agencies, including the Australian Federal Police, the Australian Taxation Office, and the Department of Defence, were reportedly affected.
