Several U.S. federal government agencies were hit in a global cyberattack that exploited a vulnerability in widely used file-transfer software, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed in a statement on Thursday.
Eric Goldstein, the agency’s Executive Assistant Director for Cybersecurity, in a statement to CNN, said, “CISA is providing support to several federal agencies that have experienced intrusions. We are working urgently to understand impacts and ensure timely remediation.”
CISA is working to ascertain the origin of the attack and whether any sensitive information was compromised or government systems have been disrupted.
According to officials, the hackers exploited a vulnerability in a program called “MOVEit”, a file transfer application that organizations generally use to transfer files between their partners or customers.
Many experts believe the attacks are coming from the CL0P ransomware gang, which is known to demand multimillion-dollar ransoms. Last week, the FBI and CISA also issued an alert noting that the file transfer software was vulnerable to ransomware attacks in which data is locked or stolen and payment is demanded in return.
CL0P has claimed credit for several other past cyberattacks that used the MOVEit exploit, with victims including the BBC, British Airways, Shell, and the state governments of Minnesota and Illinois. However, it is unclear whether the group is behind the intrusions faced by federal agencies.
CISA Director Jen Easterly told MSNBC that authorities do not expect the hack to have major impacts on the affected agencies. However, she refused to identify the impacted agencies.
“It’s a software that federal agencies and companies across the world use. We put out an advisory about this last week. And we’re responding to it,” Easterly added.
“Right now, we’re focused specifically on those federal agencies that may be impacted and we’re working hand-in-hand with them to be able to mitigate that risk. We want to work with our partners to make sure we fully understand the situation. I am confident, though, that given all of the advances that we have made with our partners that we are able to drive down that risk in an effective way so we will not see significant impacts.”
When questioned if Russian ransomware could be behind the attack, Easterly said, “We’re tracking it as a criminal group” and “many of these criminal groups are located in places like Eastern Europe.”
Progress Software Corp., which owns MOVEit and distributes it as a ‘secure managed file transfer software,’ has issued security advice and advised its customers to update their software packages.
It strongly suggests that companies using MOVEit “disable all HTTP and HTTPS traffic to your MOVEit Transfer environment.” The company also released a patch for all its MOVEit Transfer customers on June 9, 2023, to close the exploit.
“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” the company said in a statement.