Federal agencies and NATO allies affected by U.S. cyberattack

Senior government officials are currently racing against time to mitigate the impact of a global cyberattack that is believed to be affecting U.S. federal agencies and their allies, including NATO member countries.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday that it is providing support to several federal agencies that have experienced intrusions in their file transfer applications.

“We are urgently working to understand the impacts and ensure timely resolution,” the statement further added.

Anne Neuberger, the deputy national security advisor for cyber and emerging technology for the National Security Council, stated in an interview with CBS News that the hackers exploited a vulnerability in a widely used software product that is deployed globally for large file transfers.

“The hackers have started releasing some of the stolen data as part of their efforts to extort these companies,” Neuberger explained. “We strongly encourage all software users to patch and secure their systems.”

Cybersecurity experts have characterized this breach as one of the largest theft and extortion events in recent history. The victims include renowned institutions such as Johns Hopkins University, the University of Georgia, the BBC, and British Airways.

It is believed that the hacking gang, identified as CLOP Ransomware by CISA Director Jen Easterly, has been active since at least 2014 and operates with the tacit approval of Moscow’s intelligence services.

“The gang essentially steals data and seeks to extort victims,” Easterly stated.

Brett Callow, a cyber threat analyst with Emsisoft, said that there have been 47 confirmed victims so far, including several unidentified U.S. government agencies. CLOP claims that hundreds of organizations have been impacted.

Although the senior CISA official declined to disclose the names of the affected government agencies, the Energy Department announced that it had reported an incident to CISA. The official also emphasized that there is no evidence of impact on military branches or the intelligence community.

“This is not a campaign like SolarWinds that poses a systemic risk to national security or our nation’s networks,” the official clarified, referring to a major cyberattack in 2020 attributed to Russian military hackers.

Furthermore, no federal agencies have received any extortion demands, and no federal data has been leaked thus far.

CISA reported that many organizations had already patched the vulnerability before the cyber actors could infiltrate their systems.

The CLOP ransomware works by seizing sensitive data and holding it for ransom, threatening to publish it if the ransom is not paid within 7 days. It exploits a vulnerability in a widely used software program called MOVEit Transfer, which is commonly used for data transfers.

According to a CISA analyst note, CLOP is a ransomware variant that employs a double extortion strategy. The cybercriminals steal the information, encrypt it, and then demand a ransom to prevent the leaked information from being published on CLOP’s ransomware website.

Easterly stated that the government is currently focused on mitigating the risk for the impacted federal agencies and working closely with them.

“However, we understand that businesses worldwide are also at risk,” she added.

Researcher Brett Callow mentioned that the victims also include banks and credit unions.

Last week, the FBI and CISA issued a warning about a ransomware gang that has been exploiting a vulnerability in the file-sharing software MOVEit Transfer since late May. The FBI encouraged private sector partners to implement recommended measures for protection and report any suspicious cyber activity to local FBI offices and CISA.

Nicole Sganga and Robert Legare contributed to this report.
