What We Know So Far: U.S. Federal Government and NATO Allies Impacted by Cyberattack

US federal agencies and NATO member countries have been hit by a global cyberattack, and government officials are working to limit its impact. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed it was assisting several federal agencies that have experienced intrusions affecting their file transfer applications. The hackers exploited a vulnerability in widely used software that companies worldwide use to move large files, according to Anne Neuberger, deputy national security advisor for cyber and emerging technology for the National Security Council. Victims of the attack include Johns Hopkins University, the University of Georgia, the BBC, and British Airways.

According to cybersecurity experts, the hacking gang has been active since at least 2014 and is believed to operate from Russia with the tacit approval of Moscow’s intelligence services. CISA Director Jen Easterly identified the hackers as CLOP Ransomware. Brett Callow, a cyber threat analyst with Emsisoft, told CBS News that there were 47 confirmed victims so far, “plus a number of as yet unidentified US government agencies.” He added that CLOP claimed “hundreds of organizations have been impacted.”

CLOP works by seizing sensitive data and holding it for ransom, threatening “after 7 days your data will start to be published.” It is exploiting a vulnerability in a software program called MOVEit Transfer, which is widely used to transfer data. At this point, the government is “focused specifically on the federal agencies that may be impacted” and is “working hand-in-hand with them to mitigate the risk,” according to Easterly.

Late Thursday afternoon, a senior CISA official declined to identify which government agencies had been affected, but noted that the Energy Department had issued a statement indicating it had reported an incident to CISA. The official also said that at this time, there is no indication that any of the military branches or the intelligence community were impacted.

The FBI and CISA warned last week that in late May, a ransomware gang began exploiting a vulnerability in the file-sharing software MOVEit Transfer. The FBI declined to comment but referred CBS News to the security advisory about MOVEit, which also encouraged private sector partners to implement recommended measures to protect themselves from the ransomware and to report any suspicious cyber activity to local FBI offices and CISA.

The breach has been characterized as one of the largest theft and extortion events in recent history, although no federal agencies have so far received extortion demands, and no federal data has been leaked. According to CISA, many organizations had already patched the vulnerability before the cyber actors were able to intrude. The government is urging anyone who uses the software to patch and lock down their systems.

In conclusion, US government officials are racing to limit the impact of a global cyberattack that has affected US federal agencies and NATO member countries. The hackers exploited a vulnerability in widely used software that companies worldwide use to move large files. The breach is said to be one of the largest theft and extortion events in recent history. CISA and other government agencies are working to mitigate the risks and are urging anyone who uses the software to patch and lock down their systems.

Original Story at www.cbsnews.com – 2023-06-16 12:32:00
