Hackers target government agencies through vulnerable file-transfer tool

- Sam Sabin, author of Axios Codebook

Several government agencies are responding to data breaches tied to a recently discovered security flaw in a popular file-transfer tool, the nation's cyber defense agency said Thursday.
Why it matters: The breaches highlight just how vulnerable the U.S. government remains to cyberattacks after years of investments to improve agencies' security postures.
The big picture: U.S. government agencies are the newest victims uncovered this week as part of a weeks-long hacking campaign exploiting a flaw in the MOVEit file-transfer tool.
- Shell, the British oil and gas multinational, confirmed to The Record on Thursday that it's responding to a ransomware attack exploiting the file-transfer tool.
- Johns Hopkins University and the University System of Georgia both said this week they're responding to incidents where hackers targeted their systems through the MOVEit flaw.
What they're saying: "As far as we know these actors are only stealing information that is specifically being stored on the file-transfer application at the precise time that the intrusion occurred," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters Thursday.
- Easterly added that it appears the intrusion is not being used to gain broader access to victim organizations' systems.
Catch up quick: Progress, the developer of MOVEit, has been notifying customers about a pair of severe security flaws in its file-transfer tool for weeks.
- The company has also rolled out two different patches to fix the issue.
Details: The U.S. Department of Energy confirmed in an emailed statement that two department entities were compromised using the MOVEit vulnerability.
- While CISA declined to identify other victim agencies, a senior administration official attributed the attacks to the Russia-linked Cl0p ransomware gang, which has a history of targeting file-transfer tools, per a recent government advisory.
- CISA is providing support to several federal agencies that have experienced intrusions, Easterly told reporters.
Meanwhile, the Russia-linked Cl0p ransomware gang has claimed responsibility for several other attacks that exploit the MOVEit flaws.
- The gang listed its first victims on its dark web site on Wednesday, as TechCrunch reported.
- That list includes U.S.-based financial service organizations 1st Source and First National Bankers Bank, as well as educational non-profit National Student Clearinghouse.
Yes, but: Easterly added that CISA isn't aware of any instance of hackers trying to extort federal agencies to get them to pay to prevent a leak of stolen data.
Be smart: Progress has released two patches to resolve the targeted vulnerabilities and recommends that organizations cut off internet traffic to affected systems until they're able to update their systems.