US Government Agencies Hit In Global Cyberattack (cnn.com) 19
An anonymous reader quotes a report from CNN: Several US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. The US Cybersecurity and Infrastructure Security Agency "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications," Eric Goldstein, the agency's executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. "We are working urgently to understand impacts and ensure timely remediation." It was not immediately clear if the hackers responsible for breaching the federal agencies were a Russian-speaking ransomware group that has claimed credit for numerous other victims in the hacking campaign.
Agencies were much quicker Thursday to deny they'd been affected by the hacking than to confirm they were. The Transportation Security Administration and the State Department said they were not victims of the hack. CISA Director Jen Easterly told MSNBC on Thursday that she was "confident" that there will not be "significant impacts" to federal agencies from the hacks because of the government's defensive improvements. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.
The new hacking campaign shows the widespread impact that a single software flaw can have if exploited by skilled criminals. The hackers -- a well-known group whose favored malware emerged in 2019 -- in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.
Agencies were much quicker Thursday to deny they'd been affected by the hacking than to confirm they were. The Transportation Security Administration and the State Department said they were not victims of the hack. CISA Director Jen Easterly told MSNBC on Thursday that she was "confident" that there will not be "significant impacts" to federal agencies from the hacks because of the government's defensive improvements. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.
The new hacking campaign shows the widespread impact that a single software flaw can have if exploited by skilled criminals. The hackers -- a well-known group whose favored malware emerged in 2019 -- in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.