The Cybersecurity and Infrastructure Security Agency (CISA) said that several government agencies experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer.
“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the CISA,” a Department of Energy (DoE) spokesperson told TechCrunch.
“The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach,” the spokesperson added.
CISA director Jen Easterly said the cybersecurity agency is working with impacted agencies “urgently to understand impacts and ensure timely remediation”.
“In sum, as we understand it, this attack is largely an opportunistic one. In addition, we are not aware of Clop actors threatening to extort or release any data stolen from U.S. government agencies,” he told reporters.
Clop claimed on its website that government data had been erased and no government agencies have yet been listed as victims.
The ransomware gang exploited a security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet.
Progress Software, which develops the MOVEit software, has patched the vulnerability.
Other victims listed include financial software provider Datasite, educational non-profit National Student Clearinghouse, student health insurance provider United Healthcare Student Resources, US manufacturer Leggett & Platt and the University System of Georgia (USG), among others
The government of Nova Scotia, which uses MOVEit to share files across departments, also confirmed it was affected.
–IANS
na/ksk/