The University of California, Los Angeles (UCLA) has become the latest institution to fall victim to a cyberattack. While university officials have confirmed the incident, they have refrained from disclosing specific details regarding the compromised information and any potential data exposure on online platforms, according to the Los Angeles Times.
The cyber attack on UCLA follows a widespread campaign that has targeted hundreds of organizations and businesses, leaving a trail of victims in its wake.
Notable entities that have been affected include the US Department of Health and Human Services, multinational law firm Kirkland & Ellis, several states such as Oregon, Missouri, and Illinois, the California Public Employees' Retirement System, the New York City Department of Education, French multinational company Schneider Electric, and even the Nova Scotia government.
A list released online by the ransomware group responsible for these attacks highlights the broad scope of their operations.
UCLA Identified Breach
According to UCLA officials, the breach was discovered on May 28 within the university's file transfer system, which facilitates the seamless exchange of data within the campus community and with external entities.
Taking immediate action, UCLA enacted its incident-response procedure and closed the security loophole exploited by the hackers. Progress Software, the developer of MOVEit, a file transfer software product utilized by the university, provided an update that effectively patched the vulnerability.
In response to the incident, a UCLA spokesperson confirmed that the university promptly notified the Federal Bureau of Investigation (FBI) and collaborated with external cybersecurity experts to conduct a thorough investigation.
The primary objectives of this investigation were to determine the nature of the attack, identify the specific data impacted, and ascertain the rightful owners of the compromised information.
However, the spokesperson emphasized that the incident did not involve ransomware and that there is no evidence to suggest any impact on other campus systems.
Ransomware Gang
Despite UCLA's reluctance to provide detailed information about the attack and the identity of the perpetrators, experts in the field of technology who have been monitoring the cyberattack have claimed that the CL0P Ransomware Gang successfully stole data from around 16 million users.
Exploiting a vulnerability present in the MOVEit Transfer tool, this group, also recognized as TA505, reportedly employed malware to gain unauthorized entry into user databases.
In recognition of the gravity of the situation, Progress Software has been collaborating with the Department of Homeland Security and the FBI to address these attacks, according to Eric Goldstein, the executive director of the Cybersecurity and Infrastructure Security Agency (CISA).
Goldstein further noted CISA's dedication to promptly informing vulnerable organizations, encouraging swift remedial action, and extending technical support whenever necessary.
According to Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, the CL0P cyberattacks have impacted 148 confirmed victims, with 11 organizations publicly disclosing the number of individuals affected by the breach.
In a post on Twitter, Callow revealed that the personal information of approximately 16.2 million individuals had been compromised. Nevertheless, this figure is anticipated to rise significantly once the remaining 137-plus victims come forward and divulge the extent of their respective situations.