Worldwide cyberattack hits US federal government agencies

Europe, News, US June 17, 2023 , by IRIA No Comments

A colossal worldwide cyberattack has resulted in severe data theft and left key government websites inaccessible all over the world. Several websites of the U.S. federal government agencies also came under attack.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a group of Russian-speaking ransomware cybercriminals by the name of CLOP attacked government and institutional websites.

The attack resulted in compromised employee data and other key information theft. Executive assistant director of the CISA Eric Goldstein revealed that his office “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications.”

The CISA Director Jen Easterly told reporters that the cyberattack, although large, had no “significant impact” on federal civilian agencies. She said that the hackers have been “largely opportunistic” in using the software flaw to break into networks. She added that the flaw has already been fixed.

The group targeted the vulnerability of the MOVEit software, a file transfer tool used by many large corporations and government agencies to share large files over the internet. While the exact list of victims remains unknown, CLOP unveiled that it has breached data of several government and non-government organizations from around the world including the U.S. Department of Energy, Switzerland’s Finance Ministry, British Airways, Shell Corporation, and BBC.

The cyberattack also resulted in the leakage of personnel data for every holder of a driver’s license from the U.S. state of Louisiana. According to the governor of Louisiana John Bel Edwards, the names, addresses, and social security numbers of more than 4.6 million residents have been exposed. Other personnel information includes driver’s license numbers, vehicle registration data, handicap placard information, birthdates, heights, and eye colors of every individual.

^{Air Force Capt. Sarah Miller and Air Force Tech. Sgt. Carrol Brewster, 834th Cyber Operations Squadron, discussing options in response to a staged cyber-attack at Joint Base San Antonio-Lackland, Texas, June 1, 2019. (Image Credit: U.S. Air Force Maj. Christopher Vasquez)}

The renowned health system of the Johns Hopkins University in Baltimore also fell victim to the cyberattack. The university said in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.

The hackers have been exploiting the vulnerability of the software since last month. Progress Softwares, a U.S.-based IT firm that makes the MOVEit, claims that the vulnerability has already been patched. The company released a statement saying that “we have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue.”

This is not the first time the CLOP ransomware group has carried out a large-scale cyberattack. The group is known to demand multimillion-dollar ransoms after breaching data. However, so far, no ransom demands have been made.