The Gateway Pundit reported on Thursday that a global cyberattack exploiting a flaw in widely used software had struck several US federal government agencies, triggering an immediate and rigorous response from cybersecurity officials.
The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed the attacks in a statement to CNN.
“CISA is providing support to several federal agencies that have experienced intrusions,” said Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity. “We are working urgently to understand impacts and ensure timely remediation.”
A senior U.S. government official told CBS that, while there has been no evidence of compromise in the U.S. military and intelligence agencies, multiple federal departments have fallen victim to a significant cyberattack.
Multiple federal agencies, including the Department of Energy, have been targeted in the US. Additionally, Johns Hopkins-affiliated hospitals in Maryland and Florida, the Georgia statewide university system, and the Minnesota Department of Education have also been affected. International entities have not been spared either; the BBC and British Airways were other notable victims of the attack.
According to the BBC, companies in Germany, Belgium, Switzerland, and Canada were affected by the attack, which cybersecurity experts are now referring to as potentially the most extensive theft and extortion event in recent history.
“They’ve started releasing some of the stolen data as part of their extortion attempts,” said Deputy National Security Advisor for Cyber Anne Neuberger. “We strongly urge any user of the targeted software to immediately implement patches and secure their systems.”
This unprecedented event is suspected to be the work of a cybercriminal gang known as the Clop Ransomware Gang, believed to be operating out of Russia.
The hacker group has reportedly stolen substantial amounts of data and has issued threats to release all stolen data if their ransom demands are not met within a seven-day window. This data could potentially be published on the Dark Web, adding an extra layer of concern for those affected.
BBC reported that the hacker group had released names and company information and threatened to release more.
Brent Callo, a cyber expert, warned of the possible misuse of this stolen data by foreign adversaries and criminals. He suggested that foreign governments could leverage the information stolen by Clop to their advantage.
Federal agencies, state governments and major universities have been hit with a significant cyber attack. There’s no confirmation about what group or country is behind the cyber attack, but U.S. intelligence believes a criminal organization operating inside Russia is responsible. pic.twitter.com/q4pnkmGBYl
— CBS Evening News (@CBSEveningNews) June 15, 2023
Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly told MSNBC’s Andrea Mitchell, “It’s a software that federal agencies and companies across the world use. We put out an advisory about this last week. And we’re responding to it.”
“Right now we’re focused specifically on those federal agencies that may be impacted and we’re working hand in hand with them to be able to mitigate that risk,” she added.
In a series of tweets, Easterly wrote on Thursday:
We’re currently providing support to several federal agencies that have experienced intrusions affecting their #MOVEit file transfer applications, though we are not tracking any significant impacts to federal civilian networks at this time.
While our teams are urgently focused on addressing risks posed by the #MOVEit vulnerability, from what we understand, threat actors are only stealing information that is being stored on the file transfer application at the precise time that the intrusion occurs.
Based on convos w/our JCDC industry partners, we don’t see these intrusions being leveraged to gain broader access, gain persistence into targeted systems, or steal specific high value info. In sum, as we understand it, this attack is largely opportunistic.
Although we’re very concerned about this campaign & working it urgently, this is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks.
This story originally appeared on TheGateWayPundit