Multiple federal agencies are responding to a large-scale breach affecting a product used to transfer sensitive data, a senior government official confirmed Thursday.
The breaches are connected to a file-transfer program called MOVEit, which has a security hole that Russian-speaking cybercriminals have recently exploited to steal data from companies and demand ransom payments.
“CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, executive assistant director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency, said in a statement. “We are working urgently to understand impacts and ensure timely remediation.”
CISA and the National Security Council did not respond to a request for comment about which federal agencies had been hacked, whether any of the networks had been encrypted, or whether they had received a ransom demand.
About a dozen U.S. agencies have active contracts with MOVEit, according to the federal data procurement system.
It was unclear who was behind the breach, which was first reported by CNN.
However, a Russian-speaking cybercriminal group called CL0P has been waging a widespread data extortion campaign involving a vulnerability in MOVEit. CISA did not respond to a query about whether CL0P was behind this breach. Representatives for the FBI and the NSA did not immediately respond to requests for comment on the attacks.
Last week, CISA and the FBI published a joint cybersecurity advisory detailing steps that federal agencies and private sector networks should take to protect their networks from CL0P’s exploitation of MOVEit’s software.
File-transfer applications have become popular targets for ransomware groups because they are a one-stop shop for victims to host sensitive data. CL0P has exploited vulnerabilities in two similar products in the past, CISA and the FBI said in their advisory.
An aide for Senate Homeland Security and Governmental Affairs Chair Gary Peters (D-Mich.) said via an email that Peters “is aware of this situation and our office has asked CISA for more information on the impacts of this vulnerability.” The aide was granted anonymity to discuss the evolving investigation.
CL0P is believed to have begun stealing the files of a number of unnamed victims on Labor Day weekend, according to the government advisory. It gave them until June 14 to respond to its ransom demand, and threatened to publish victims’ sensitive data if they did not, according to security researchers.
No federal agencies' data appears to have been leaked by CL0P thus far, said Allan Liska, a ransomware expert at Recorded Future who monitors the group’s online presence. However, Liska said that should not come as a surprise given the group’s likely ties to the Kremlin.
“They likely have to check with their handlers before releasing that type of information,” Liska said.
The breach is the latest in a series of cyber operations against federal agencies in recent years. Most famously, in 2020, at least a dozen agencies were compromised as part of the SolarWinds breach, in which Russian government hackers gained access to these systems for over a year by exploiting a vulnerability in a software update from cybersecurity group SolarWinds.
from Politics, Policy, Political News Top Stories https://ift.tt/s025ya6