June 16, 2023
In a widespread hacking campaign, multiple US federal government agencies and prominent organisations have fallen victim to cyberattacks. The attacks exploited a vulnerability in widely used file-transfer software called MOVEit Transfer, which is commonly utilized by organizations to exchange files with partners and customers.
The Cybersecurity and Infrastructure Security Agency (CISA), responsible for safeguarding the nation's cyber infrastructure, confirmed the breaches.
While specific agencies impacted were not disclosed, the Department of Energy acknowledged the breach and stated that immediate steps were taken to mitigate the impact. The extent of the breaches and their consequences are currently being assessed.
"We are working urgently to understand impacts and ensure timely remediation," Eric Goldstein, CISA's executive assistant director for cybersecurity, said in a statement.
The cyberattacks were not limited to the US, as entities in the UK and other countries also reported being infiltrated through the same software.
British energy giant Shell, the Johns Hopkins University and Health System, and the University System of Georgia were among the organisations affected.
The hackers behind the campaign seized upon a security flaw in the MOVEit Transfer software, which was discovered by its maker, Progress Software, last month. This vulnerability allowed unauthorised access to sensitive information, potentially exposing personal and financial data.
Although it remains unclear who precisely orchestrated the attacks, a Russian-speaking ransomware group known as Cl0p has claimed credit for previous hacking incidents related to the same campaign. Cl0p has stated that it does not intend to exploit the data taken from government agencies and has even erased their information.
"There is no evidence of impact to Shell’s core IT systems," Shell spokeswoman Anna Arata said. "There are around 50 users of the tool, and we are urgently investigating what data may have been impacted."
Authorities, including CISA, the FBI, and the National Security Agency, are actively investigating the breaches and working to understand their full impact.
Despite the seriousness of the situation, CISA Director Jen Easterly has expressed confidence in the government's defensive improvements, assuring the public that significant impacts to federal agencies are not expected.
Progress Software has advised affected organisations to update their software and has provided security recommendations to mitigate future risks.
This hacking campaign highlights the potential consequences of a single software flaw when exploited by skilled cybercriminals.
It underscores the critical importance of maintaining robust cybersecurity measures to protect sensitive data and prevent unauthorised access.