Numerous federal government agencies in the United States have fallen victim to a global cyberattack that exploits a vulnerability in widely used software, according to officials.
Efforts are underway by the U.S. Cybersecurity and Infrastructure Security Agency to determine the source of the attack and identify potential data breaches.
“CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications. We are working urgently to understand impacts and ensure timely remediation,” said Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity.
MOVEit is an application designed to securely manage file transfers, akin to popular platforms like Dropbox or Google Drive. What sets it apart is an encryption feature that makes intercepted files considerably harder to access before they reach their intended recipients.
During a press briefing on Thursday, CISA didn’t immediately specify which agencies were targeted, but Goldstein clarified “a small number of agencies” were impacted and that they are providing support to “several” of them.
While a Russian-speaking hacking group known as CL0P has claimed credit for some previous hacking attacks, when asked if there was any connection between them and this particular attack, CISA said that “at this point, we have no evidence to suggest coordination between CL0P and the Russian government.”
This news comes a week after that CL0P has been capitalizing on an undisclosed vulnerability within MOVEit.
CISA also confirmed that, at this time, the perpetrator, whoever that may be, has not leaked any information or data that they may have taken in the breach.
“Impacted federal agencies are conducting appropriate analyses to understand impacts to their agencies and affected data,” said Goldstein.
While CISA didn’t confirm any targeted agencies, CNN reports that the Department of Energy was among the federal agencies breached, and the department has notified Congress and is “working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach.”