Newly Confirmed: MOVEit Breach Targets US Federal Agencies, Extending List of Hacker Victims


US Federal Agencies Confirm MOVEit Breach, Hackers Expand List of Victims

The United States government has officially acknowledged that multiple federal agencies have been targeted in cyberattacks exploiting a security flaw found in the widely used file transfer tool, MOVEit Transfer.

The Cybersecurity and Infrastructure Security Agency (CISA) released a statement confirming that several US government agencies have fallen victim to intrusions resulting from the exploitation of a vulnerability in the enterprise file transfer tool developed by Progress Software. The attacks have been attributed to the Clop ransomware gang, which has recently disclosed the names of organizations it claims to have hacked using the MOVEit vulnerability.

While CISA did not disclose the number or names of the impacted agencies, the Department of Energy (DoE) confirmed that two of its entities were among the breached organizations. Immediate measures were taken by the DoE to contain the vulnerability and notify relevant authorities. The incident is currently under investigation in collaboration with law enforcement agencies, CISA, and the affected entities.

The breach has had a significant impact on the security of personal information, potentially exposing the personally identifiable information of tens of thousands of individuals, including employees and contractors within the energy sector. Other US agencies, including the Department of the Army, the Department of the Air Force, and the Food and Drug Administration, have active MOVEit contracts.

During a press conference, CISA director Jen Easterly said that efforts are underway to understand the extent of the impacts and remediate the situation promptly. At this stage, it remains uncertain whether any data has been stolen. Easterly emphasized that the intrusions were not specifically aimed at extracting high-value information or establishing persistent access to targeted systems.

While the Clop ransomware group claims to have erased government data and has not listed any US government agencies as victims, it has recently published a fresh set of compromised entities affected by the MOVEit vulnerability. This list includes prominent organizations such as the Boston Globe, East Western Bank based in California, Enzo Biochem in New York, and Nuance, an AI firm owned by Microsoft.

Affected organizations are responding to the situation with caution, and Progress Software has already taken swift action to address a newly discovered vulnerability in MOVEit Transfer. The software company has released a patch for CVE-2023-35708, a vulnerability that could potentially enable unauthorized access to customer environments, as outlined in their advisory.
