Multiple US federal government entities have been targeted by a widespread cyberattack that took advantage of a flaw in widely used software.
Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency (CISA), said that authorities are aiding numerous US government departments hit by attacks targeting their MOVEit applications. CISA is methodically assessing the impact and facilitating swift remediation, according to CNN.
It is unknown whether the hackers who breached government offices are connected to a Russian-speaking ransomware organization claiming responsibility for past operations.
This incident adds to the growing number of victims impacted by a widespread cyberattack that started two weeks ago and targets state governments and major US colleges. The increasing danger of ransomware attacks, affecting schools, hospitals, and municipal governments countrywide, puts pressure on federal authorities.
Russian-Speaking Suspects
According to Johns Hopkins University and its renowned health system, sensitive financial and personal data, including health billing records, may have been taken in the attack. Georgia's state-run university system, which includes the University of Georgia and several other state institutions and universities, has also confirmed a probe into the scope and seriousness of the breach.
According to Charles Carmakal, chief technology officer of Mandiant, a Google-owned cybersecurity firm, the MOVEit breaches have resulted in data theft from government organizations. What information was taken and how much government systems were disrupted is unclear.
CISA Director Jen Easterly identified the hackers as a "well-known" ransomware organization that the agency has been following, per NBC News. The reference most likely relates to the cybercriminal organization known as CL0P. According to Allan Liska, a ransomware specialist at Recorded Future, the cybercriminal organization is mostly made up of Russian speakers.
CL0P had given victims until Wednesday to begin ransom discussions; after that deadline, the group started announcing new victims on its extortion website on the dark web.
Cyberattack Victims List Posted By Ransomware Group
CL0P has exposed the first batch of businesses reportedly affected by the MOVEit vulnerability, although the exact number of victims is still unclear, according to TechCrunch. US financial services companies 1st Source and First National Bankers Bank, Boston-based investment management company Putnam Investments, Dutch company Landal Greenparks, and UK-based oil giant Shell are among the victims that have been publicly identified.
Although it was previously mentioned on the leak site, GreenShield Canada, a nonprofit benefits provider, has now been taken off. Other victims include American manufacturer Leggett & Platt, Swiss insurance firm KK, financial software provider Datasite, educational nonprofit National Student Clearinghouse, student health insurance provider United Healthcare Student Resources, and the University System of Georgia.
Last week, the FBI and CISA warned about CL0P's exploitation of a previously unidentified MOVEit vulnerability. Brett Callow, an analyst at cybersecurity company Emsisoft, said the hackers quickly seized information from at least 47 businesses and requested money in exchange for not publishing it online.
Progress, the owner of MOVEit, urged victims to update their software and follow security advice.