Hackers target government agencies through vulnerable file-transfer tool
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
Several government agencies are responding to data breaches tied to a recently discovered security flaw in a popular file-transfer tool, the nation's cyber defense agency said Thursday.
Why it matters: The breaches highlight just how vulnerable the U.S. government remains to cyberattacks after years of investments to improve agencies' security postures.
The big picture: U.S. government agencies are the newest victims uncovered this weekaa an as part of a weeks-long hacking campaign exploiting a flaw in the MOVEit file-transfer tool.
- Shell, the British oil and gas multinational, confirmed to The Record on Thursday that it's responding to a ransomware attack exploiting the file-transfer tool.
- Johns Hopkins University and the University System of Georgia both said this week they're responding to incidents where hackers targeted their systems through the MOVEit flaw.
What they're saying: "As far as we know these actors are only stealing information that is specifically being stored on the file-transfer application at the precise time that the intrusion occurred," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters Thursday.
- Easterly added that it appears the intrusion is not being used to gain broader access to victim organizations' systems.
Catch up quick: Progress, the developer of MOVEit, has been notifying customers about a pair of severe security flaws in its file-transfer tool for weeks.
- The company has also rolled out two different patches to fix the issue.
Details: The U.S. Department of Energy confirmed in an emailed statement that two department entities were compromised using the MOVEit vulnerability.
- While CISA declined to identify other victim agencies, a senior administration official attributed the attacks to the Russia-linked Cl0p ransomware gang, which has a history of targeting file-transfer tools, per a recent government advisory.
- CISA is providing support to several federal agencies that have experienced intrusions, Easterly told reporters.
Meanwhile, the Russia-linked Cl0p ransomware gang has claimed responsibility for several other attacks that exploit the MOVEit flaws.
- The gang listed its first victims on its dark web site on Wednesday, as TechCrunch reported.
- That list includes U.S.-based financial service organizations 1st Source and First National Bankers Bank, as well as educational non-profit National Student Clearinghouse.
Yes, but: Easterly added that CISA isn't aware of any instance of hackers trying to extort federal agencies to get them to pay to prevent a leak of stolen data.
Be smart: Progress has released two patches to resolve the targeted vulnerabilities and recommends that organizations cut off internet traffic to affected systems until they're able to update their systems.
