On Thursday, a widespread software vulnerability was exploited in a global cyberattack that targeted numerous US federal government agencies. This attack prompted an urgent response from cybersecurity officials.
In a statement to CNN, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed the attacks. Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, stated that they are assisting several federal agencies affected by intrusions and are actively working to assess the extent of the impact and facilitate prompt remediation.
According to a senior US Government official speaking to CBS, there is currently no evidence of compromise in the US military and intelligence agencies. However, multiple federal departments have fallen victim to a substantial cyberattack.
In the United States, multiple federal agencies, including the Department of Energy, have fallen prey to targeted cyberattacks. Furthermore, Johns Hopkins affiliated hospitals in Maryland and Florida, the Georgia statewide university system, and the Minnesota Department of Education have also experienced the impact of these attacks. The reach of the cyberattack extends beyond national borders, with notable victims such as BBC and British Airways.
The ramifications of this attack have reached international entities as well, with companies in Germany, Belgium, Switzerland, and Canada being affected. Cybersecurity experts now consider this event as potentially the most extensive instance of data theft and extortion in recent history.
Anne Neuberger, the Deputy National Security Advisor for Cyber, highlighted that the perpetrators have already begun releasing some of the stolen data as part of their extortion schemes. Urgent action is strongly advised by Neuberger, who urges all users of the targeted software to promptly implement security patches and fortify their systems.
The origins of this event are suspected to be linked to a cybercriminal organization called the Clop Ransomware Gang, believed to be based in Russia.
According to reports, the hacker group has managed to amass significant volumes of stolen data and has proceeded to issue threats of releasing all the compromised information if their ransom demands are not met within a strict seven-day timeframe. The potential exposure of this data on the Dark Web adds an additional layer of concern for the affected parties.
In a troubling development, BBC has reported that the hacker group has already released certain details such as names and company information, accompanied by further threats of releasing additional data.
Brent Callo, a cybersecurity expert, has raised concern regarding the potential misuse of this stolen data by foreign adversaries and criminal entities. He highlights the possibility that foreign governments might exploit the information obtained through the Clop cyberattack to gain an advantageous position or further their own interests.
Watch:
During an interview with MSNBC’s Andrea Mitchell, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency said, “It’s a software that federal agencies and companies across the world use. We put out an advisory about this last week. And we’re responding to it.”
“Right now we’re focused specifically on those federal agencies that may be impacted and we’re working hand in hand with them to be able to mitigate that risk,” Easterly said.
Easterly posted the following in a series of tweets Thursday:
ICYMI: We’re currently providing support to several federal agencies that have experienced intrusions affecting their #MOVEit file transfer applications, though we are not tracking any significant impacts to federal civilian networks at this time.
While our teams are urgently focused on addressing risks posed by the #MOVEit vulnerability, from what we understand, threat actors are only stealing information that is being stored on the file transfer application at the precise time that the intrusion occurs.
Based on convos w/our JCDC industry partners, we don’t see these intrusions being leveraged to gain broader access, gain persistence into targeted systems, or steal specific high value info. In sum, as we understand it, this attack is largely opportunistic.
Although we’re very concerned about this campaign & working it urgently, this is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks.
