Senior government officials are currently working to minimize the impact of a global cyberattack that is affecting U.S. federal agencies and allied countries, including NATO members. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that it is providing support to federal agencies affected by intrusions in their file transfer applications. Efforts are underway to understand the extent of the impact and implement timely remediation measures.
According to Anne Neuberger, the deputy national security advisor for cyber and emerging technology, the hackers exploited a vulnerability in widely used software for large file transfers. They have already started releasing some of the stolen data as part of their extortion tactics against affected companies. Neuberger emphasized the importance of patching and securing systems for all users of the software.
This breach is being regarded as one of the largest theft and extortion events in recent history, with victims including Johns Hopkins University, the University of Georgia, the BBC, and British Airways. Cybersecurity experts believe that the hacking group responsible for the attack has been active since 2014 and operates with the tacit approval of Moscow’s intelligence services, suggesting a link to Russia. The hackers have been identified as CLOP Ransomware by CISA Director Jen Easterly.
As of now, there are 47 confirmed victims, including some unidentified U.S. government agencies. The CISA official declined to name the specific government agencies affected but stated that there is no evidence of impact on the military branches or intelligence community. The official also clarified that, unlike the SolarWinds attack in 2020, this cyberattack does not pose a systemic risk to national security or the nation’s networks.
No federal agencies have received extortion demands, and no federal data has been leaked. Many organizations had already patched the software vulnerability before the hackers could infiltrate their systems. The ransomware variant CLOP employs a double extortion strategy, in which it steals sensitive data, encrypts it, and then demands a ransom to prevent the release of the information on its ransomware site.
Currently, the government’s focus is on mitigating the risk for federal agencies affected by the attack. Efforts are being made in collaboration with these agencies to address the situation. Although the government’s primary concern is federal agencies, it is aware that businesses worldwide have also been impacted. Researchers have identified banks and credit unions as additional victims.
The FBI and CISA issued a warning about the ransomware gang exploiting the vulnerability in the MOVEit Transfer file-sharing software in late May. Private sector partners were encouraged to take recommended security measures to protect themselves and report any suspicious cyber activity to the FBI and CISA.
U.S. military and intelligence agencies have been impacted.