Skip to main content
Tags: hacking | cisa | government | software | cybersecurity

US Government Agencies Hit in Global Hacking Spree

Thursday, 15 June 2023 07:39 PM EDT

Several U.S. government agencies have been hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, the nation's cyber watchdog agency said on Thursday.

The statement by the Cybersecurity and Infrastructure Security Agency (CISA) added to a growing list of entities in the U.S., UK and other countries whose systems were infiltrated through the MOVEit Transfer software. The hackers took advantage of a security flaw that its maker, Progress Software, discovered late last month.

"We are working urgently to understand impacts and ensure timely remediation," Eric Goldstein, CISA's executive assistant director for cybersecurity, said in a statement.

CISA did not identify the U.S. agencies hit or detail the impact on them.

The New York Times reported that the Energy Department was among those affected. The Times report also attributed the attack to a Russian ransomware group, though it said CISA, a division of the Homeland Security Department, did not have evidcnce linking the ransomware group to the Russian government.

“Although we are very concerned about this campaign, this is not a campaign like SolarWinds that poses a systemic risk,” Jen Easterly, CISA director, told reporters on Thursday, according to the Times report. She was speaking of a massive data breach that compromised several U.S. intel agencies three years ago.

British energy giant Shell, the Johns Hopkins University, the Johns Hopkins Health System and the University System of Georgia were also hit, they said in separate statements.

Shell spokeswoman Anna Arata said MOVEit Transfer is used by "a small number" of Shell employees and customers.

"There is no evidence of impact to Shell’s core IT systems," she said. "There are around 50 users of the tool, and we are urgently investigating what data may have been impacted."

Johns Hopkins said it was "investigating a recent cybersecurity attack targeting a widely used software tool that affected our networks, as well as thousands of other large organizations around the world."

The University System of Georgia, which groups about 26 public colleges, said it was "evaluating the scope and severity of this potential data exposure" from the MOVEit hack.

Large organizations including the UK's telecom regulator, British Airways, the BBC and drugstore chain Boots emerged as victims last week.

The UK telecom regulator said hackers stole data from its systems, while the personal information of tens of thousands of employees of British Airways, Boots and the BBC was also exposed.

CISA did not immediately respond to requests seeking further comment. The FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches.

The United States does not expect any "significant impact" from the breach, CISA Director Jen Easterly told MSNBC.

MOVEit is typically used by organizations to transfer files between their partners or customers. A MOVEit spokesperson said the company had "engaged with federal law enforcement" and was working with customers to help them apply fixes to their systems.

NEW VULNERABILITY FOUND

Progress Software's shares ended down 6.1% on Thursday. The company disclosed another "critical vulnerability" it found in MOVEit Transfer on Thursday, although it was not clear whether it had been exploited by hackers.

The online extortion group Cl0p, which has claimed credit for the MOVEit hack, has previously said it would not exploit any data taken from government agencies.

"IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA," the group said in a statement on its website.

Cl0p did not immediately responded to a request for comment.

John Hammond, a security researcher at Huntress, said MOVEit is used to transfer sensitive information, such as by bank customers to upload their financial data for loan applications.

"There's a whole lot of potential for what an adversary might be able to get into," he said earlier this month.

Newsmax contributed to this report.

© 2024 Thomson/Reuters. All rights reserved.


US
Several U.S. government agencies have been hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, the nation's cyber watchdog agency said on Thursday.The statement by the Cybersecurity and Infrastructure Security Agency (CISA)...
hacking, cisa, government, software, cybersecurity
638
2023-39-15
Thursday, 15 June 2023 07:39 PM
Newsmax Media, Inc.

Sign up for Newsmax’s Daily Newsletter

Receive breaking news and original analysis - sent right to your inbox.

(Optional for Local News)
Privacy: We never share your email address.
Join the Newsmax Community
Read and Post Comments
Please review Community Guidelines before posting a comment.
 
TOP

Interest-Based Advertising | Do not sell or share my personal information

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved
Download the Newsmax App
NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved