Russian Ransomware Group Cyberattack Breaches U.S. Agencies

A Russian ransomware group successfully breached federal agencies, including the Energy Department, by exploiting file transfer software to steal and then sell users’ data, according to U.S. officials. The director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, described the breach as “opportunistic,” not specifically targeting high-value information and not as damaging as previous cyberattacks on government agencies like the SolarWinds breach in 2020.

The Energy Department confirmed that two entities within the department had their records compromised and said it has notified Congress and C.I.S.A. about the breach. The department took immediate steps to address the vulnerability and prevent further exposure, according to Chad Smith, the department’s deputy press secretary.

The State Department and the F.B.I. declined to comment on whether they were affected by the attack. However, an assessment by C.I.S.A. and F.B.I. investigators revealed that the breach was part of a larger ransomware operation carried out by Clop, a Russian ransomware gang. Clop exploited a vulnerability in the software MOVEit and targeted local governments, universities, and corporations. Several public officials and organizations, including British Airways and the BBC, have disclosed being affected by the attack.

While only a small number of federal agencies were affected, initial reports from the private sector suggest that several hundred companies and organizations were impacted. The MOVEit software, which was breached, has been purchased by various government agencies, including NASA, the Treasury Department, and Health and Human Services. The group responsible for the breach, Clop, stated that it had no interest in exploiting data stolen from governmental or police offices and was focusing only on stolen business information. Cybersecurity experts warned, however, that data stolen in ransomware attacks can easily be sold to other illegal actors.

There is no evidence to suggest that Clop was acting in coordination with the Russian government, according to C.I.S.A. officials. This breach is another example of government agencies falling victim to organized cybercrime by Russian groups, which have previously targeted critical civilian infrastructure. Some attacks have primarily been financially motivated, while others have taken on a political tone with tacit approval from the Russian government, particularly against countries supporting Ukraine since Russia’s invasion.

Cyberattacks originating from Russia have been a point of contention in U.S.-Russian relations, and they were a major topic of discussion during a meeting between President Biden and President Putin in 2021. The recent attack on a major U.S. gasoline pipeline by a Russian group resulted in a $5 million ransom payment before the meeting took place. In another cybersecurity development, analysts at Mandiant identified an attack against Barracuda Networks, believed to be part of a Chinese espionage effort, impacting both governmental and private organizations.

Overall, this breach underscores the ongoing challenges posed by cybercriminals and the importance of robust cybersecurity measures to protect sensitive data from such attacks.

Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.