When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Several US government agencies were targeted in a global cyberattack

Neowin · with 0 comments

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a number of US government agencies have been targeted by cyberattacks. They reportedly are just part of a global hacker attack that has reportedly targeted an issue in the MOVEit software program.

CNN reports that Eric Goldstein, the agency’s executive assistant director for cybersecurity, said that it "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications." He added, "We are working urgently to understand impacts and ensure timely remediation."

So far there's no official comment from the CISA on which government agencies were affected by this cyberattack. There's also no word from them on if any sensitive files have been taken as a result of the attack. NBC News interviewed CISA Director Jen Easterly, who stated only that the hackers that might be responsible for these attacks were "a well-known ransomware group.”

Many experts believe the attacks are coming from CL0P, which is mostly based in Russia. The FBI and the CISA issued an alert about this group last week, stating it had discovered a flaw in MOVEIt and used it to attack systems with that software.

That same group has claimed responsibility for attacking a number of governments and businesses with this exploit. CNN says they include the BBC, British Airways, Shell, and the governments in the states of Minnesota and Illinois.

CNN added:

The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web. As of Thursday morning, the dark website did not list any US federal agencies. Instead, the hackers wrote in all caps, “If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”

MOVEit's parent company Progress has posted an alert about the exploit which strongly suggests companies that use it "disable all HTTP and HTTPS traffic to your MOVEit Transfer environment." It also released a patch on June 9 to close the exploit.

Report a problem with article
The Windows 11 logo with an arrow pointing back to indicate update uninstall
Next Article

Compatibility updates (KB5027573, KB5027572, KB5012419, KB5027385) for Windows 11/10 out

Windows 10 logo white on dark blue-grey background
Previous Article

Windows 10 KB5027215 update is causing installation issues for some users

Join the conversation!

Login or Sign Up to read and post a comment.

0 Comments - Add comment