A global cyberattack by Russian cybercriminals has hit several US government agencies, exploiting a weakness in the file transfer software MOVEit, according to the US cyber watchdog agency. The cyberattack also affected NATO member countries.
According to a statement by Eric Goldstein, the executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency (CISA), multiple federal agencies have reported intrusions after the identification of a vulnerability in the file transfer software MOVEit.
“We are working urgently to understand impacts and ensure timely remediation,” he said.
The cyber watchdog, the FBI and US National Security Agency did not respond to Reuters emails seeking details on the breaches.
Meanwhile, Jen Easterly, the director of CISA, said during an interview with MSNBC that the US does not expect any “significant impact” from a hacking attack. He further said that CISA was actively engaged in assessing the full extent of the attack’s impact and collaborating with other agencies to ensure effective remediation measures are implemented.
“Right now, we’re focused quickly on those federal agencies that may be impacted and we’re working hand in hand with them to be able to mitigate that risk,” she said.
MOVEit, created by Progress Software Corp., is generally used by government and private organizations to share files between their partners or customers. For example, financial institutions use the software for their customers to upload their data to apply for a loan.
“There’s a whole lot of potential for what an adversary might be able to get into,” according to John Hammond, a senior researcher at the security firm Huntress.
Cl0p, the online extortion group that has claimed responsibility for the MOVEit cyberattack, had earlier said that they had no intention of exploiting any data obtained from government agencies.
“IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA,” the group said in a statement on its website.
Earlier this month, US and UK cybersecurity officials had issued a warning about a Russian cyber-extortion group that had successfully hacked the file-transfer software, MOVEit. The impact of this breach is expected to be global, as the software is widely used by businesses. Among the affected users are Zellis, a leading UK payroll services provider serving British Airways, the BBC, and other companies, as well as UK chemist chain Boots.